Signing with Google HSM/Key Manager and PKCS #1 v1.5 Padding

We are integrating our Signing Service to support various Hardware Security Modules (HSMs). Our Signing Service uses a macOS app with a CryptoTokenKit extension to extend macOS signing; as a result, signing identities do not have to be imported into the keychain. When a signing operation is started (via Xcode, codesign command, etc.), a SHA-256…

READ MORE

How to Deploy Signing Service to AWS

Initial Configuration Install AWS EB CLI Follow the instructions on the AWS Beanstalk Guide to install AWS EB CLI: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/eb-cli3-install.html Clone the Repository Clone this repository and cd to its directory in Terminal Add elasticbeanstalk config Download the file elasticbeanstalk_config.zip, copy the zip file to root of the cloned repository folder, and unzip it. Inside…

READ MORE

Wrapping Private Keys for Google HSM from macOS Keychain

We are integrating Hardware Security Module (HSM) support for our Signing Service! Importing existing developer identities is important; Signing Service is a secure service for managing your Apple developer certificates and private keys. While using a .p12 file is very common way to export and share identities, it doesn’t work well for an HSM. The…

READ MORE