Architecture

The primary interface to the DigiCert​​®​​ Software Trust Manager service. DigiCert-developed tools (*nix shared library, key storage provider (KSP), command line client) are built on this API, making it easy for customers to embed signing into their flows. You do not have to call the API directly, reducing the effort required to integrate code signing into the build process.

The DigiCert shared library (smpkcs11.so.dll) allows native platform tools to use the DigiCert​​®​​ Software Trust Manager service through a standard PKCS11 interface.

The tools call the PKCS11 interface. The PKCS11 interface invokes our shared library that facilitates communication to the DigiCert​​®​​ Software Trust Manager service.

DigiCert developed a key storage provider that allows native Windows tools to access private keys hosted in DigiCert​​®​​ Software Trust Manager through the Microsoft CryptoAPI interface.

SMCTL is a DigiCert developed command line interface (CLI) for key and certificate management activities. It is available on both Windows and Linux platforms.

Keytool and p11tool are native platform tools that can interact with the DigiCert​​®​​ Software Trust Manager service via PKCS11 interface for managing keys and certificates.

Native platform tools that can interact with the DigiCert​​®​​ Software Trust Manager service via PKCS11 or Key Storage Provider interfaces for signing.

Signing tools are available in a variety of formats from the following location: DigiCert​​®​​ Software Trust Manager > Resources > Client tool repository.