KSP library
DigiCert® KeyLocker KSP is a client-side tool built on Microsoft CNG (Cryptography API: Next Generation). The KSP takes a hash-based approach to signing, so signing requests do not require transporting your files or intellectual property.
What Microsoft signing tools can the KSP integrate with?
The DigiCert® KeyLocker KSP integrates with the following Microsoft signing tools while maintaining key protection, permission-based access and reporting all signing activities:
What can the KSP sign?
KSP enables secure hash-based signing of Microsoft:
Executables
Installers
Files
Applications
Drivers
Images
Scripts
Download KSP library
Tip
If you have downloaded and installed the Windows Clients Installer, the KSP is already downloaded and registered as part of the installation.
Sign in to DigiCert® KeyLocker.
Navigate to: Manager menu (top-right) > KeyLocker.
Select Resources > Client tool repository.
Click the download icon next to KeyLocker Clients.
Note
Two versions of the KSP exist:
64-bit: Recommended
32-bit: Use this version if you are running an older operating system with constrained resources that cannot handle 64-bit clients.
Register the KSP
To register the KSP, open a command prompt and run:
smksp_registrar.exe register
Verify the KSP
To verify that your KSP is configured properly, and that your client can properly authenticate to the DigiCert® KeyLocker service, run:
certutil.exe -csp "DigiCert Software Trust Manager KSP" -key -user
Synchronize certificates
For the client tools to access the private keys in the service through the Key Storage Provider (KSP), your certificates must be synchronized to the local certificate store. Only the certificate is synchronized; the private key remains stored securely in DigiCert® KeyLocker.
To synchronize your certificates to the local certificate store, open a command prompt and run:
smksp_cert_sync.exe
To view the certificates, open Certificate Manager for the user account used to run the certificate sync utility:
certmgr.msc
If you do not see your certificates in the Certificate Manager, verify that you have opened the correct certificate store. There is a different certificate store for each Windows user account.
Note
All certificates are synchronized to the user store only. The certificates are not synchronized to the machine store (yet).
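The verify and synchronize steps above can be confirmed in one pass. The following PowerShell script is an added example, not DigiCert code: it runs the verify command from this page, then lists which certificates in the current user's store reference the KeyLocker KSP and which reference another key provider. The helper name Get-StoreKeyBinding, the use of the Personal ("My") store, and the English certutil output labels are assumptions.

```powershell
# Added example, not DigiCert code. Run as the Windows user that ran smksp_cert_sync.exe.
# Assumptions: certificates are in the Personal ("My") store and certutil prints
# English labels ("Subject:", "Cert Hash(sha1):", "Provider = ...").
$kspName = 'DigiCert Software Trust Manager KSP'   # provider name used on this page

# Hypothetical helper: turn "certutil -store" text into one object per certificate.
function Get-StoreKeyBinding {
    param([string[]]$CertutilOutput)
    $current = $null
    foreach ($line in $CertutilOutput) {
        if ($line -match '^=+ Certificate \d+ =+') {
            if ($current) { $current }   # emit the previous record
            $current = [pscustomobject]@{ Subject = $null; Thumbprint = $null; Provider = $null }
        }
        elseif (-not $current) { continue }
        elseif ($line -match '^Subject:\s*(.+)$') { $current.Subject = $Matches[1] }
        elseif ($line -match '^Cert Hash\(sha1\):\s*(.+)$') { $current.Thumbprint = $Matches[1] -replace '\s', '' }
        elseif ($line -match '^\s*Provider = (.+)$') { $current.Provider = $Matches[1].Trim() }
    }
    if ($current) { $current }           # emit the last record
}

# Step 1: the KSP must load and enumerate keys for this user (the verify command above).
& certutil.exe -csp $kspName -key -user | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Key enumeration through '$kspName' failed (exit code $LASTEXITCODE)."
}

# Step 2: read the current user's store and group certificates by key provider.
$bindings = @(Get-StoreKeyBinding -CertutilOutput (& certutil.exe -user -store My))
$remote   = @($bindings | Where-Object { $_.Provider -eq $kspName })
$other    = @($bindings | Where-Object { $_.Provider -and $_.Provider -ne $kspName })

'Certificates bound to the KeyLocker KSP:'
$remote | Format-Table Subject, Thumbprint -AutoSize
'Certificates whose key is held by another provider:'
$other | Format-Table Subject, Provider -AutoSize

if ($remote.Count -eq 0) {
    Write-Warning "No certificate in CurrentUser\My references '$kspName'. Confirm this is the account that ran the sync."
}
```

An empty first table usually means the script ran under a different Windows account than the sync utility, since each account has its own certificate store.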