Microsoft Authenticode Integration Guide

This document covers the necessary information to install, configure, and integrate Microsoft Authenticode with an HSM on Demand Service.

Authenticode relies on proven cryptographic techniques and the use of one or more private keys to sign and time-stamp the published software. It is important to maintain the confidentiality of these keys. SafeNet Data Protection On Demand integrates with Microsoft Authenticode to provide a trusted system for protecting the organizational credentials of the software publisher. An HSM on Demand Service secures the code-signing key within an industry standard FIPS 140-2 level 3 validated HSM.

This document contains the following sections:

>Preparing for the Integration

>Integrating Microsoft Authenticode with an HSM on Demand Service on Windows Server 2016 or Windows Server 2012 R2

>Integrating MS Strong Name with an HSM on Demand Service on Windows Server 2012 R2

>Integrating Microsoft HCK with an HSM on Demand Service on Windows Server 2012

Third Party Application Details

This integration guide uses the following third party applications:

>Microsoft Authenticode (Microsoft Windows SDK 10.1)

Supported Platforms

The following platforms are tested with HSM on Demand Service:

Platforms Tested Microsoft SDK Microsoft Office Smart Tags SDK (optional)
Windows Server 2016 10.1 Office 2003 SDK
Windows Server 2012 R2 10.1 Office 2003 SDK

NOTE    Microsoft Authenticode Integration is tested with Luna Clients in both FIPS and HA mode.