The OpenSSL Corporation Strengthens Code Signing Security, Future-Proofs Against Quantum Threats With Entrust nShield HSMs
NEWARK, Del., September 03, 2025 -- The OpenSSL Corporation is preparing its production code signing environment with Entrust nShield 5c network-attached Hardware Security Modules (HSMs). Selecting Entrust HSMs marks a significant step in strengthening the integrity and resilience of the OpenSSL Library's software releases.
The FIPS 140-3 certified HSMs will provide a secure root of trust for the OpenSSL Library code signing keys, helping to ensure production code cannot be forged or tampered with. This step is essential for maintaining the trust placed in the OpenSSL Library, which underpins billions of secure communications worldwide.
The OpenSSL Corporation and Entrust share a longstanding collaboration within various standards bodies that are focused on delivering interoperable solutions. Most recently, the two organisations contributed to activities standardising hybrid algorithms that combine classical and post-quantum algorithms.
By choosing Entrust, the OpenSSL Corporation gains both proven support for classical cryptography and the capability to transition smoothly toward post-quantum security. The nShield 5c includes support for all of the current standardised NIST post-quantum algorithms, including ML-KEM, SLH-DSA, as well as the ML-DSA algorithms, for quantum-safe digital signing, offering future-proof protection as quantum computing advances.
"We are now in the process of integrating Entrust nShield HSMs within our infrastructure, which will allow us to provide hardware-based code signing with a clear path forward to securing against tomorrow's cryptographic challenges," said Tim Hudson, President of the OpenSSL Corporation.
"Entrust is proud to collaborate with OpenSSL to provide a hardware root of trust for their production code signing environment, powered by our flagship nShield 5c HSMs," said Mike Baxter, President and Chief Technology & Product Officer at Entrust. "By leveraging the production ready post-quantum security capabilities of our HSMs and implementing the NIST-standardised ML-DSA algorithm, OpenSSL can ensure that their code is securely protected today and resilient against future quantum threats."