KSP library
DigiCert® KeyLocker KSP is a client-side tool based on the Microsoft CNG (Cryptography API: Next Generation) library. The KSP takes a hash-based approach to signing requests, which doesn't require transporting your files and intellectual property.
What Microsoft signing tools can the KSP integrate with?
The KeyLocker KSP integrates with the following Microsoft signing tools while maintaining key protection, permission-based access, and reporting on all signing activities:
What can the KSP sign?
KSP enables secure hash-based signing of Microsoft:
Executables
Installers
Files
Applications
Drivers
Images
Scripts
Download KSP library
Tip
If you've downloaded and installed the Windows Clients Installer, the KSP is already downloaded and registered as part of the installation.
In the KeyLocker menu, go to Resources > Client tool repository.
Find the desired KSP version, and then select the download icon.
There are two versions of the KSP: 64-bit and 32-bit.
Select the 32-bit version if you're running an older operating system with limited resources that can't handle 64-bit clients.
Register the KSP
To register the KSP, open a command prompt, and then run the following command:
smctl windows ksp register
Verify the KSP
To verify that your KSP is configured properly, and that your client can properly authenticate to the DigiCert® KeyLocker service, run the following command:
certutil.exe -csp "DigiCert Software Trust Manager KSP" -key -user
Synchronize certificates
For the client tools to access the private keys in the service through the Key Storage Provider (KSP), your certificates must be synchronized to the local certificate store. When a certificate is synchronized, the private key remains stored securely in DigiCert® KeyLocker.
To synchronize your certificates to the local certificate store, open a command prompt, and then run the following command:
smctl windows certsync
To view the certificates, open Certificate Manager for the user account used to run the certificate sync utility:
certmgr.msc
If you don't see your certificates in the Certificate Manager, verify that you've opened the correct certificate store. There's a different certificate store for each Windows user account.
Note
All certificates are synced to the user store only. The certificates aren't synchronized to the machine store (yet).
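The register, verify and synchronize steps above chained into one PowerShell script, as an added example that is not part of the DigiCert documentation. It assumes smctl and certutil return a non-zero exit code on failure and that synchronized certificates appear in the Personal (My) store of the current user; the Invoke-Step helper is hypothetical.

```powershell
# Added example: runs the page's register, verify and sync commands in order
# and stops at the first failure.
# Assumption: smctl and certutil signal failure with a non-zero exit code.
$ErrorActionPreference = 'Stop'
$kspName = 'DigiCert Software Trust Manager KSP'   # provider name from the verify command

# Hypothetical helper: run one step and fail fast on a non-zero exit code.
function Invoke-Step {
    param([string]$Name, [scriptblock]$Command)
    Write-Host "== $Name"
    & $Command
    if ($LASTEXITCODE -ne 0) {
        throw "$Name failed with exit code $LASTEXITCODE"
    }
}

# Certificates are synced to the store of the account running this script,
# so print it: a build agent or service often runs as a different user.
Write-Host "Running as $([Environment]::UserDomainName)\$([Environment]::UserName)"

Invoke-Step 'Register KSP'      { smctl windows ksp register }
Invoke-Step 'Verify KSP'        { certutil.exe -csp $kspName -key -user }
Invoke-Step 'Sync certificates' { smctl windows certsync }

# Assumption: synced certificates land in the Personal (My) store.
# Only the user store is checked, because nothing is synced to the machine store.
$certs = Get-ChildItem Cert:\CurrentUser\My
if (-not $certs) {
    throw 'No certificates in Cert:\CurrentUser\My; check which account ran the sync.'
}

# HasPrivateKey shows that the store entry references a key;
# the key itself stays in KeyLocker.
$certs | Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey |
    Format-Table -AutoSize
```

Run it as the same Windows account that will later do the signing, since each account has its own certificate store.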