Dynamic keypairs
When you create a dynamic keypair, you establish the parameters of your keypairs. Every 15 minutes, the dynamic keypair and certificate will be deleted and replaced with a new keypair and certificate using the same parameters. This ensures that each signature is unique and adds an additional layer of security.
Create a dynamic keypair
You require the Generate keypair permission to create a keypair.
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Keypairs > Create keypair.
Complete the following fields:
Field: Description
Keypair type: Select Dynamic (keypair will change every time you complete a signature).
Keypair alias: Name to uniquely identify this keypair.
Team: Select a team that should have access to this keypair. Note: You will only see this field if you enable Teams under Account settings.
Keypair profile: Select a keypair profile. If you have selected a team, you will only see keypair profiles allocated to that team.
Algorithm: Select RSA, ECDSA, or EdDSA. Note: When you select EdDSA, the key curve is set to Ed25519.
Key size: Select 2048, 3072, or 4096.
Keypair category: Select Production or Test.
Keypair storage: Select whether the keypair should be generated and stored on HSM or Disk.
Keypair status: Select Online (can be used to sign anytime) or Offline (can only be used to sign during a scheduled release).
Access: Select Open (can be used by any account user) or Restricted (can only be used by specified users or a member of a specified user group).
Allowed users: For Restricted keypairs, you can specify which users can use the keypair.
Allowed user groups: For Restricted keypairs, you can specify one or more groups that are authorized to use the keypair.
Generate certificate: When this box is checked, the keypair will be generated with a corresponding default certificate for the keypair.
Click Create keypair.
Refresh dynamic key
You can refresh a dynamic key from Software Trust Manager or SMCTL.
Dynamic keys in Audit logs
To search for recently refreshed dynamic keypairs:
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Logs > Audit logs.
Identify the Type column and filter by Dynamic.
Identify the Action column and filter by Refresh.
Dynamic keys in signature logs
To search for signatures completed with the dynamic key:
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Logs > Signature logs.
Identify the Keypair alias column and filter by the keypair alias.
or
Identify the Keypair ID column and filter by the specific dynamic keypair ID.