DigiCert® KeyLocker certificates have a standard DigiCert® KeyLocker service fee regardless of the validity period of the certificate. This fee entitles you to a limit of one signer and 1,000 signatures per certificate. You can increase your signature limit at any time by purchasing additional signatures in increments of 1,000.
注記
On November 3, 2023, DigiCert updated the KeyLocker licensing terms. The change aligns the service terms with a new policy restricting customers to 1000 signature limit per KeyLocker certificate and one signer designated to each code signing certificate stored in KeyLocker. These terms only affect customers who purchased code signing certificates after November 3, 2023.
License | Description | Consumption |
|---|---|---|
Signature units | Each KeyLocker code signing certificate enables you to generate up to 1,000 signatures during the certificate lifecycle. The signature limit is tied to the certificate's validity, therefore any remaining signatures cannot be transferred to another certificate. We offer 1000 signatures for each year the certificate is valid, meaning:
| You cannot exceed the signature limit; however, you can purchase additional signatures in increments of 1,000 in CertCentral at any point as long as the certificate is still valid. |
User seats | You can add multiple users to your KeyLocker account, however only one user can be assigned per certificate. An account user with the KeyLocker lead role can update the assigned user at any time during the certificate lifecycle. | There is no limit on how many users you can add to your account. You cannot assign more than one user to a certificate at a time. |
Consuming signature units
Each binary or artifact signed consumes one signature unit. If you sign 100 binaries, you will use 100 signature units.
Some users embed internal binaries inside an outer binary. In these cases, signing the outer binary may consume multiple signature units, depending on the number of embedded binaries. As a result, it's important to track the total number of files being signed to accurately estimate the amount of signature units consumed.
Support for batch signing
DigiCert® KeyLocker provides batch signing functionality via the SMCTL CLI tool.
You can sign multiple files in the same folder using batch signing; however, signature units are still consumed based on the number of files signed. In other words, signing multiple files in a batch does not reduce the signature unit cost.
Pricing for additional signature units
You can purchase additional signature units through CertCentral at a rate of 1,000 signatures units. See Get more KeyLocker signatures.