The integration of Hardware Security Modules (HSMs) with the code signing process has led to YubiKey, a popular HSM token trending in the market and widely accepted by many business organizations and CAs around the globe. Also, as per the previous post, we all have a clear understanding of what YubiKey HSM is and the most easy process of installing code signing certificates on YubiKey.
Now, let us discover how to securely store your Code Signing Certificate Credentials in the YubiKey HSM using an easy step-by-step process;
Step 1
Open "pivman.exe" which is the YubiKey's Personal Identity Verification (PIV) managing software as per below image.
Step 2
Now, you need to plug in the YubiKey and if required then you will be prompted to generate a Personal Identification Number (PIN) for your device.
Step 3
On the PIN setup screen, for authentication of PIN and unlocking YubiKey device, select the "USE PIN as KEY" under the Management Key option as per the above image.
Step 4
For code signing on Windows based system you can overlook the PIN recommendation for cross-platform compatibility. This is so because the PIN is usually of just eight characters and Windows doesn't have issues with a PIN that includes extended alphanumeric characters.
Moreover, please Note that YubiKey has Three Attempts to enter correct PIN or else would get locked erasing all data stored in it for data security and then it can only be accessed using Reset Option.
Step 5
Once the PIN is successfully set, you will be navigated to a PIV Manager Screen where you need to click the Certificates Tab
Step 6
In this step, you need to select the Digital Signature section in the Certificates screen which indicates the certificate type required for code signing.
Step 7
In this step, click on Import From file and select your .p12 Code for signing the credential file by which under the .p12 coded file you are required to enter the password set for the private key (Not the YubiKey PIN)
Step 8
Once the Step 7 of Importing Certificate is successful, you will get a popup message displaying same along with instruction to Unplug and Re-insert your YubiKey as per below image.
Step 9
This is the last step whereby you just need to pug in back the YubiKey and return back to the Digital Signature option certificate in the PIV Manager tab.
Here your installed code signing certificate details and credentials will be displayed which can be used for code signing process.
Conclusion
To sum up, following these steps will enable you to securely store and manage your installed code signing certificate credentials on your YubiKey hardware device.
Top comments (0)