Secure Software Manager

Enhancements

HSM Private Key Protection

  • Secure Software Manager has introduced the ability for customers to generate private keys in an HSM. This gives customers the opportunity to meet any internal or external security, compliance or audit requirements relating to where private codesigning keys are stored.

  • EV Codesigning Certificates can only be generated from private keys that are stored in an HSM, in compliance with CA/Browser Forum guidelines for EV Codesigning.

SMCTL client enhancements

  • We have extended SMCTL with the following capabilities to support cryptographic asset management: support for 2FA, certificate generation, certificate revocation, test keypair generation, and keypair generation on an HSM.

  • New functionality to generate the SHA-1 certificate fingerprint for Microsoft SignTool.

  • New functionality to generate a keypair identifier for OpenSSL, based on the PKCS #11 standard.

IBM JDK compatibility for PKCS11: Our PKCS11 library will now support integration with IBM JDK in addition to existing support for Oracle Java JDK.

Updates

Multi-factor Authentication

  • To adhere to CA/Browser Forum guidelines for Codesigning, Secure Software Manager will be implementing controls to restrict Keypair Generation, Keypair Import and Signing. This means users will need to have Multi-Factor Authentication in place if they wish to undertake these operations in the UI or using the client libraries.

  • Multi-Factor Authentication for Secure Software Manager client libraries (SMCTL, KSP and PKCS11) will require a client certificate as a second factor, in addition to the API Key that is used for authentication today.

  • Multi-Factor Authentication for the Secure Software Manager UI will require the user to have Google Authenticator installed on their mobile device as a second factor, in addition to the Username and Password that are used for authentication today. The intention is to support alternative OTP service providers in the future.

Public Trust Certificates

  • Secure Software Manager will integrate with DigiCert CertCentral to facilitate the issuance of Public Trust Codesigning Certificates. A one-time setup is required to get Secure Software Manager Accounts enabled, but once it is in place, customers can request public trust certificates in the same way as they do private trust certificates.

  • Currently, we support the issuance of OV Codesigning and EV Codesigning certificates.