certificatecahsmamazon-cloudhsm

EV code signing certificate along with cloud HSM


this sounds like a duplicate question but still I couldn't find a correct solution. Maybe a lack of knowledge in this domain.

Anyway, I am using the EV code signing certificate along with a USB device from the COMODO provider, working fine.

But just to make the CI process smooth we wanted to get rid of the USB device and use cloud HSM. Did many calls with all most all vendors but was not clear cost-wise and solution wise which provider to choose from. At the end, I want to import my existing certificate and sign files.

Please share some pointets


Solution

  • But just to make the CI process smooth we wanted to get rid of the USB device and use cloud HSM.

    The code signing certificate is stored on an external hardware token (USB key). You will not be able to import the private key into an HSM.

    Using AWS CloudHSM will not allow you to bypass Comodo's code signing certificate procedures (usage or renewal). Since the Comodo EV certificate implements Two-Factor Authentication (PIN), you must use their procedures which means the hardware token must be present to sign.

    Unless you require that level of key security, consider a standard Code Signing certificate.