Developer guide

The DigiCert® Software Trust Manager Developer is responsible for:

Signing
Managing assets relating to signing
Releasing software

Create a keypair

A keypair is required to create a certificate and sign. You have permission create keypairs, review the two Software Trustkeypair types supported by .

Example 1. Standard keypairs

A standard keypair refers to a public key and an associated private key. The public key encrypts data that can only be decrypted by its associated private key, thereby establishing an encrypted connection.

To create a standard keypair:

Sign in to DigiCert ONE.
In the Managers () menu, select Software Trust.
In the Software Trust menu, go to Keypairs > Create keypair.
(Optional) To also create a certificate while you are creating a keypair, select Generate certificate.

Tip

For more detailed instructions, refer to standard keypair.

Example 2. GPG keys

GPG keys are different from standard keypairs because each GPG key includes a master key and associated subkeys. We recommend that the master key only be used for creating subkeys and the subkeys be used for signing. In the event that a subkey is compromised, this will allow you to revoke and replace the affected subkey, while the master key and uncompromised subkeys remain secure.

Note

Use of GPG keys are generally enabled by Technical support. However, if DigiCert ONE is hosted in-house, the certificate template can be created by a system scope admin with the Manage account settings permission.

To create a GPG master key or subkey:

Sign in to DigiCert ONE.
In the Managers () menu, select Software Trust.
In the Software Trust menu, go to Keypairs > GPG keypairs.
Select Create master key or Create subkey.

Tip

For more detailed instructions, refer to GPG keys.

Create a certificate

A certificate is required to sign. You have permission generate certificates, you can generate public or private code signing certificates in Software Trust.

To create a certificate:

Sign in to DigiCert ONE.
In the Managers () menu, select Software Trust.
In the Software Trust menu, go to Keypairs.
Hover over the keypair you want to use to create the certificate until the menu icon appears.
Select Generate certificate.

Tip

For more detailed instructions, refer to Certificates.

View threat detection scans

You can review reports for threats detected in your software.

Tip

If you do not see Threat detection in the left navigation menu, contact your account manager to add Threat detection to your service agreement.

Software Trust offers the following types of threat detection:

Example 3. Static binary analysis

Scan all components found in your software prior to release, to identify malware, vulnerabilities, secrets, and more in your developers' code and any third-party components integrated into your software.

If you have subscribed to use this service, the following documentation may be useful to you:

Example 4. Software composition analysis

Scan open-source components in your development workflow to help your team automatically track, manage, and remediate licensing issues and vulnerabilities before releasing your software.

If you have subscribed to use this service, the following documentation may be useful to you:

Create a release (optional)

Releases protect keys by restricting their use to pre-approved dates and times. The pre-approved date and time selected for a release is referred to as a release window. Within a release window, organizations can control which keypairs can be used, who can use them, and the maximum number of signatures that can be used during the release.

To create a software release:

Sign in to DigiCert ONE.
In the Managers () menu, select Software Trust.
In the Software Trust menu, go to Releases.
Select Create release.

Tip

For more detailed instructions, refer to Releases.

Sign your software (optional)

As a developer, if you also want to sign, follow the instructions in the Signer's guide to get ready to sign with your private key stored in Software Trust.

In this section: