
Product components

At a high level, DigiCert® Software Trust Manager functionality can be divided into the following categories: Signing, Scanning, and Controls.

Signing

Enables secure code signing across various file types, supported by flexible tools and interfaces.

Table 1. Signing

| Tool | Description |
| --- | --- |
| Code signing method | This tool includes binary signing and commit signing to ensure code authenticity, traceability, and integrity at various development stages. |
| Signing interfaces & tools | • REST API: Acts as the primary interface to the Software Trust service. DigiCert-developed tools (*nix shared library, key storage provider (KSP), command line client) are built on this API, which allows you to embed signing into your flows. You don't have to call the API directly, reducing the effort required to integrate code signing into the build process.<br>• PKCS11 Shared Library: The DigiCert shared library (smpkcs11.so or smpkcs11.dll) enables native platform tools to access the Software Trust service through a standard PKCS11 interface.<br>• Key Storage Provider (KSP): DigiCert developed a key storage provider that allows native Windows tools to access private keys hosted in Software Trust through the Microsoft CryptoAPI interface.<br>• Command line client (SMCTL): SMCTL is a DigiCert-developed command line interface (CLI) for signing and for key and certificate management activities, available on both Windows and Linux platforms. |
| Key & certificate lifecycle management | This tool manages signing keys and certificates, including generation, rotation, storage, issuance, renewal, and revocation. |
| Release management | This tool provides mechanisms for controlled, auditable, and policy-driven software release processes. |


Scanning

Automated security checks for code and binaries to ensure software assurance.

Table 2. Scanning

| Tool | Description |
| --- | --- |
| Software assurance service | Performs automated tests to detect security flaws or abnormal behavior. |
| SBOM management | Generates and manages Software Bills of Materials for transparency. |
| Dependency management and change control | Tracks external libraries and controls changes to dependencies. |
| Static binary analysis | Examines binaries for vulnerabilities without running them. |
| Software composition analysis | Identifies open-source components and associated security risks. |


Controls

Tools for monitoring, managing, and enforcing organizational security policies can be divided into the following categories: Management interface and Access & governance.

Table 3. Management interface

| Tool | Description |
| --- | --- |
| REST API | This tool acts as the primary interface to the Software Trust service. DigiCert-developed tools (*nix shared library, key storage provider (KSP), command-line client) are built on this API, which allows you to embed signing into your flows. You don't have to call the API directly, reducing the effort required to integrate code signing into the build process. |
| Command-line client (SMCTL) | SMCTL is a DigiCert-developed command-line interface (CLI) for signing and for key and certificate management activities, available on both Windows and Linux platforms. |
| Management tools | Keytool and p11tool are native platform tools that interact with Software Trust via the PKCS11 interface for managing keys and certificates. |


Table 4. Access & governance

| Tool | Description |
| --- | --- |
| Teams | This tool enables user grouping and role-based access control. |
| Releases | This tool tracks release events and ties them to signing and approval workflows. |
| Logs | This tool records all system and user activities for audit and compliance. |
| Alerts | This tool notifies users of policy violations, anomalies, or system events. |
| Analytics | This tool provides visibility into usage, performance, and compliance metrics. |