PKCS11 library
DigiCert® Software Trust Manager provides a PKCS11 library for developers to securely and quickly sign code.
The PKCS11 library handles secure key generation, application hash signing, and associated certificate-related requirements when the signing request does not require the transportation of files and intellectual property.
What signing tools can PKCS11 library integrate with?
The DigiCert® Software Trust Manager PKCS11 library integrates with the following non-Microsoft signing tools while maintaining key protection, permission-based access and reporting all signing activities:
Apksigner (for Android)
Jarsigner (for Java)
Docker Notary
OpenSSL
GPG
Redhat Package Manager (RPM)
Debian package (DEB)
XML
Jsign
Osslsigncode
What can the PKCS11 sign?
DigiCert® Software Trust Manager PKCS11 library enables secure hash-based signing of non-Microsoft:
Files
Firmware
Applications
Images
Software
Download PKCS11 library
Sign in to DigiCert ONE.
Navigate to: Manager menu (top-right) Software Trust.
Select Resources > Client tool repository.
Click the download icon next to Software Trust Manager PKCS#11 Library.
Create PKCS11 configuration file
To create a configuration file with the path to this shared library:
Open an integrated development environment (IDE) or plain text editor.
Copy and paste the following text into the editor:
Save the file as pkcs11properties.cfg.
Move the pkcs11properties.cfg file to the same location as the PKCS11 library.