Secure Software Manager

New

New signing model - Key rotation pool

  • Key rotation allows users to set up a pool of keys with certificates under a single alias. Users can call this alias for signing, knowing that the signing key and certificate will be rotated on a preconfigured interval (daily, weekly, fortnightly). This ensures that releases are not all signed repeatedly by the same signing key and certificate.

  • This model works well with the Microsoft SmartScreen filter. It changes the signing key and certificate in an optimal way to show Microsoft that you are taking care not to repeatedly use the same key, while also not using a new key for every release. As a result, this builds a good reputation for enforcing code signing best practices.

Enhancements

  • SMCTL enhancement - sign via SMCTL

    • We have extended the SMCTL workflows to support signing files without requiring users to be familiar with commercial signing tools such as Signtool and Mage from Microsoft, Jarsigner, or APK Signer.

    • SMCTL will recursively sign all files in the input folder identified for signing and will sign each file type with the appropriate signing tool based on the default tool settings.

    • SMCTL sign will also incorporate best practices for your signing requests, including automatically timestamping where appropriate and defaulting to the best algorithms and strengths specific to the different signing tools.

Other enhancements

  • Provide users with the ability to delete expired test keypairs and their test certificates.

  • Provide system-level users with the ability to edit the trust anchor hierarchy.

  • UI modernization of the Keypair and Certificate management list pages and Audit log details page.