Essentials of Code signing
RCCE students will learn code signing implementation and management including certificate management, signing key protection, timestamp services, revocation procedures, and signature verification. RCCE students will learn to implement code signing for applications, scripts, and container images, manage signing keys using hardware security modules and key management services, configure certificate lifecycle management including rotation and revocation, verify code signatures in deployment pipelines, detect and respond to unauthorized code signing, implement code signing policies across development teams, and integrate code signing into automated build and release workflows. This essentials course covers the core knowledge needed to operate competently in this domain. Starting from foundational concepts, RCCE students will learn the fundamental concepts, terminology, risks, and defenses that form the foundation for all further study and professional practice. Students build a solid knowledge base that prepares them for more advanced courses and real-world security responsibilities.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Essentials of Code signing
- Execute hands-on tasks for implementation, management & security of digital code signatures
- Explain Course Overview fundamentals
- Execute hands-on tasks for what you will learn
- Execute hands-on tasks for skills you will gain — covering Course Structure.
- Execute hands-on tasks for automate signing in ci/cd — covering Course Structure.
- Execute hands-on tasks for what is code signing?
- Execute hands-on tasks for why code signing matters
- Execute hands-on tasks for business drivers — covering Compliance mandates (PCI-DSS, SOC2).
- Execute hands-on tasks for technical drivers — covering Prevent unauthorized code execution.
- Explain PKI Foundations for Code Signing fundamentals
- Execute hands-on tasks for asymmetric cryptography — covering Digital Certificates (X.509).
- Execute hands-on tasks for code signing certificate types — covering Organization validated by CA • Software-stored private key allowed, Rigorous identity verification • Private key must be on HSM/token.
| Module 01 | Implementation, Management & Security of Digital Code Signatures |
| Module 02 | Course Overview |
| Module 03 | What You Will Learn |
| Module 04 | Skills You Will Gain |
| Module 05 | Automate signing in CI/CD |
| Module 06 | What Is Code Signing? |
| Module 07 | Why Code Signing Matters |
| Module 08 | Business Drivers |
| Module 09 | Technical Drivers |
| Module 10 | PKI Foundations for Code Signing |
| Module 11 | Asymmetric Cryptography |
| Module 12 | Code Signing Certificate Types |
| Module 13 | Standard Code Signing (OV) |
| Module 14 | Extended Validation (EV) Code Signing |
All hands-on labs run on Rocheston Rose X OS. Students practice essentials of code signing by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for implementation, management & security of digital code signatures
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for what you will learn
- Lab 4: Execute hands-on tasks for skills you will gain
- Lab 5: Execute hands-on tasks for automate signing in ci/cd
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Essentials of Code signing, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI