Skip to main content


Software Trust Manager improves your software security through code signing workflow automation that reduces points of vulnerability with end-to-end security and control in the code signing process.


Software Trust Manager ensures trust by:

  • Requiring multi-factor authentication (MFA) for code signing.

  • Preventing unauthorized access or misuse of keys and certificates.

  • Enforcing consistency and compliance of security policies.

  • Guarding against insertion of malware during software releases.

  • Expediting remediation by giving you an audit history of all actions taken within your account.

Software management solutions

Use Software Trust Manager to securely:

  • Generate and manage your credentials.

  • Create, edit, import, export, or delete keypairs.

  • Generate certificates using a keypair in your account.

  • View your audit and signature logs.

  • Create releases.

  • Sign code.

Signing options

You can continue signing with your third-party signing tools, however Software Trust Manager also provides a simplified alternative when you sign with Signing Manager Controller (SMCTL).

Review the comparison between signing with SMCTL or directly with a third-party signing tool:

Sign with SMCTL

Sign directly with third-party tool

Use one command to sign with any signing tool.

Remember and use different signing commands and inputs for every signing tool.

Omit the signing tool and SMCTL will use an integrated signing tool that is compatible with the file type you want to sign.

Identify which tool is compatible to sign the file type you want to sign.

Provide the path to a folder and SMCTL will attempt to sign all files in the folder using your integrated third-party signing tools.

Use different tools to sign different file types.

Command sample:

To sign with a compatible signing tool:

smctl sign --fingerprint <certificate fingerprint> --input <path to unsigned file or folder>

Command sample:

To sign Authenticode files with SignTool:

signtool.exe sign /csp "DigiCert Signing Manager KSP" /kc <keypair_alias> /f <certificate_file> /tr /td SHA256 /fd SHA256 <path to unsigned file>

Command sample:

To sign with a specific third-party signing tool:

smctl sign --keypair-alias <keypair alias> --certificate <path to code signing certificate> --input <path to unsigned file or folder> --tool <tool>

Command sample:

To sign an individual APK file using Apksigner:

$ANDROID_HOME/build-tools/31.0.0/apksigner sign --provider-class --provider-arg <your_pkcs11.cfg_file> --ks NONE --ks-type PKCS11 --ks-pass pass:<anything> --ks-key-alias <keypair_alias> --in <path to unsigned file> --out <path to output signed file>