Architecture

REST API

The REST API is the primary interface to the DigiCert® Software Trust Manager service. DigiCert-developed tools (*nix shared library, key storage provider (KSP), command line client) are built on this API, making it easy for customers to embed signing into their flows. Because these tools wrap the API, you do not have to call it directly, which reduces the effort required to integrate code signing into the build process.

PKCS11 shared library

The DigiCert shared library (smpkcs11.so.dll) allows native platform tools to use the DigiCert® Software Trust Manager service through a standard PKCS11 interface.

The tools call the PKCS11 interface. The PKCS11 interface invokes our shared library, which handles communication with the DigiCert® Software Trust Manager service.

Key storage provider

DigiCert developed a key storage provider that allows native Windows tools to access private keys hosted in DigiCert® Software Trust Manager through the Microsoft CryptoAPI interface.

Command line client

SMCTL is a DigiCert-developed command line interface (CLI) for key and certificate management activities. It is available on both Windows and Linux platforms.

Management tools

Keytool and p11tool are native platform tools that can interact with the DigiCert® Software Trust Manager service via the PKCS11 interface for managing keys and certificates.

Signing tools

Signing tools are native platform tools that can interact with the DigiCert® Software Trust Manager service via the PKCS11 or Key Storage Provider interfaces for signing.

Signing tools are available in a variety of formats from the following location: DigiCert® Software Trust Manager > Resources > Client tool repository.