Code signing for Beginners: Mastery
RCCE students will learn code signing implementation and management including certificate management, signing key protection, timestamp services, revocation procedures, and signature verification. RCCE students will learn to implement code signing for applications, scripts, and container images, manage signing keys using hardware security modules and key management services, configure certificate lifecycle management including rotation and revocation, verify code signatures in deployment pipelines, detect and respond to unauthorized code signing, implement code signing policies across development teams, and integrate code signing into automated build and release workflows. Designed for students with no prior experience in this area, this course builds knowledge from the ground up with clear explanations, guided demonstrations, and progressive skill-building. Starting from foundational concepts, RCCE students will learn core concepts through practical examples that connect theory to real-world security operations. By completion, students will have the foundational knowledge and hands-on confidence needed to contribute in professional cybersecurity roles.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Code signing for Beginners: Mastery
- Execute hands-on tasks for learning objectives
- Execute hands-on tasks for what is code signing?
- Execute hands-on tasks for why it matters — covering Digital signature applied to software, Prevents tampered software distribution.
- Execute hands-on tasks for uses asymmetric cryptography (pki) — covering Prevents tampered software distribution.
- Execute hands-on tasks for real-world code signing examples
- Execute hands-on tasks for windows drivers
- Execute hands-on tasks for container images
- Execute hands-on tasks for docker content trust — covering macOS Applications.
- Execute hands-on tasks for play/app store validation
- Explain Cryptographic Foundations: Hashing fundamentals
- Execute hands-on tasks for hash functions — covering One-way mathematical function, Hash computed over code artifact.
- Execute hands-on tasks for role in signing — covering Hash computed over code artifact.
| Module 01 | Learning Objectives |
| Module 02 | What Is Code Signing? |
| Module 03 | Why It Matters |
| Module 04 | Uses asymmetric cryptography (PKI) |
| Module 05 | Real-World Code Signing Examples |
| Module 06 | Windows Drivers |
| Module 07 | Container Images |
| Module 08 | Docker Content Trust |
| Module 09 | Play/App Store validation |
| Module 10 | Cryptographic Foundations: Hashing |
| Module 11 | Hash Functions |
| Module 12 | Role in Signing |
| Module 13 | Asymmetric Cryptography Basics |
| Module 14 | Private Key |
All hands-on labs run on Rocheston Rose X OS. Students practice code signing for beginners: mastery by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for learning objectives
- Lab 2: Execute hands-on tasks for what is code signing?
- Lab 3: Execute hands-on tasks for why it matters
- Lab 4: Execute hands-on tasks for uses asymmetric cryptography (pki)
- Lab 5: Execute hands-on tasks for real-world code signing examples
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Code signing for Beginners: Mastery, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI