
PKCS11 library

DigiCert® Software Trust Manager provides a PKCS11 library for developers to securely and quickly sign code.

The PKCS11 library handles secure key generation, application hash signing, and associated certificate-related requirements when the signing request does not require the transportation of files and intellectual property.

What signing tools can the PKCS11 library integrate with?

The DigiCert® Software Trust Manager PKCS11 library integrates with the following non-Microsoft signing tools while maintaining key protection and permission-based access, and reporting all signing activities:

  • Apksigner (for Android)

  • Jarsigner (for Java)

  • Docker Notary

  • OpenSSL

  • GPG

  • Red Hat Package Manager (RPM)

  • Debian package (DEB)

  • XML

  • Jsign

  • Osslsigncode

What can the PKCS11 library sign?

The DigiCert® Software Trust Manager PKCS11 library enables secure hash-based signing of non-Microsoft:

  • Files

  • Firmware

  • Applications

  • Images

  • Software
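
Hash-based signing as described above, shown with OpenSSL as an added example (not DigiCert's code or configuration): the artifact is hashed on the build machine, only the 32-byte SHA-256 digest is handed to the signer, and the signature still verifies against the full file. The throwaway local RSA key, the function name `hash_sign_demo` and the sample artifact are assumptions standing in for a key held by a signing service.

```shell
#!/bin/sh
# Added example. Assumption: a throwaway local RSA key stands in for the
# private key that a signing service would hold; nothing here is DigiCert's.
hash_sign_demo() {
    work=$(mktemp -d) || return 1

    # Constructed sample artifact (stands in for firmware or an application).
    printf 'constructed sample firmware image v1\n' > "$work/artifact.bin"

    # Stand-in key pair; the public half is what verifiers receive.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$work/key.pem" 2>/dev/null || return 1
    openssl pkey -in "$work/key.pem" -pubout -out "$work/pub.pem" || return 1

    # Build machine: hash locally. Only this digest is sent for signing.
    openssl dgst -sha256 -binary "$work/artifact.bin" > "$work/digest.bin" || return 1
    digest_len=$(wc -c < "$work/digest.bin" | tr -d ' ')

    # Signer: sign the pre-computed digest (PKCS#1 v1.5, SHA-256 DigestInfo).
    openssl pkeyutl -sign -inkey "$work/key.pem" -pkeyopt digest:sha256 \
        -in "$work/digest.bin" -out "$work/sig.bin" || return 1

    # Verifier: the signature validates against the full, unsent artifact.
    if openssl dgst -sha256 -verify "$work/pub.pem" \
        -signature "$work/sig.bin" "$work/artifact.bin" >/dev/null 2>&1
    then original=valid; else original=invalid; fi

    # Any change to the artifact after hashing invalidates the signature.
    printf 'x' >> "$work/artifact.bin"
    if openssl dgst -sha256 -verify "$work/pub.pem" \
        -signature "$work/sig.bin" "$work/artifact.bin" >/dev/null 2>&1
    then tampered=valid; else tampered=invalid; fi

    rm -rf "$work"
    # Output: digest size in bytes, verdict for original, verdict for tampered.
    echo "$digest_len $original $tampered"
}

hash_sign_demo
```
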

Download PKCS11 library

  1. Sign in to DigiCert ONE.

  2. Navigate to: Manager menu (top-right) > Software Trust.

  3. Select Resources > Client tool repository.

  4. Click the download icon next to Software Trust Manager PKCS#11 Library.

Create PKCS11 configuration file

To create a configuration file with the path to this shared library:

  1. Open an integrated development environment (IDE) or plain text editor.

  2. Copy and paste the following text into the editor:

  3. Save the file as pkcs11properties.cfg.

  4. Move the pkcs11properties.cfg file to the same location as the PKCS11 library.