Are you ready for 3072-bit code signing keys?
On June 1, 2021 new code signing key size requirements have gone into effect as mandated by the CA/B forum. This change requires that code signing keys have a minimum size of 3072-bit RSA or larger (up from an earlier requirement of 2048 bits).
Code signing certificates are a high-value target for cybercriminals. A successful compromise of them is considered highly prized amongst threat actors as it could lead to creation of signed malware that appears legitimate and one published by the organizations’ developers. This has led to increased attention and focus on them from not just one group of hackers but various active APT (Advanced Persistent Threat) groups.
Even though increasing the key size length (which is an important security metric) can serve to exponentially reduce the probability of a successful brute force attack, companies can’t just heave a sigh of relief by considering only that. The current change from the CA/B forum is focused entirely on key size but when it comes to code signing, security decision making cannot afford to only just look at that as an attack surface. Code signing remains vulnerable to many other forms of attacks.
A side channel attack is one that is generally not reported to be a direct threat to code signing and is one that may not be practical to implement in certain cases, but it should still be factored in as it seeks to obtain compromising information from secondary output channels.
A threat model of code signing should bring out weaknesses such as theft of keys due to them being placed in unsecured locations, compromise of the signing infrastructure due to poor governance controls, etc. Even compromise of a Certificate Authority (CA) is a major threat that needs to be factored in.
In light of the many recent high-profile supply chain attacks, organizations that currently are involved with writing and deploying software, need to take the code signing threat extremely seriously.
Code signing keys and certificates are important machine identities that must be secured and Venafi CodeSign Protect is designed to do just that. Besides ensuring that private code signing keys never leave a secured location (preventing private key sprawl), Venafi can also ensure that these keys are not used except as when authorized (such as when proper approvals are obtained, certain time of day requirements are met, certain code signing tool is used, or certain machines are used).
But an important aspect of securing an organization’s code signing process is when security policy must be updated, such as in this situation where key length needs to change to 3072-bit. With Venafi CodeSign Protect, security teams have visibility into all code signing certs and keys that are in use across the enterprise and can easily modify security policy to reflect this change. Furthermore, certificates and keys can be automatically updated by Venafi to reflect these changes.
If anyone still needs convincing about the significance of attack vectors on code signing keys and certificates, they only need to look at the underground market where the cost of code signing certificates keeps continuing to increase, an indication of how profitable an endeavor it is for attackers.