Secure Software Manager
New
New signing model - Dynamic keys
Dynamic keys allow users to create a signing object with a static alias and structure that will be automatically replaced for each signature or release, as determined by the user at the time of signing.
Users can call this alias for signing safe, knowing the signing key and certificate will be only used once.
This model works extremely well with private-based signing workflows for IoT devices in the field. In these cases, signatures need to chain up to a known root of trust but the signature does not need to relate to a specific signing private key or certificate.
Enhancements
Release window workflow enhancements
We made a range of enhancements to release windows.
Users now have better scheduling choices and account-level controls in the account settings.
We also extended our signature reports to show which signatures are associated with each release window in both the UI and as a download option.
We broadened the capabilities around what keypairs can be used in release windows.
You can now set up release windows for online production keys, offline production keys (approval workflow required), and Test keys.
We also support keypairs without default certificates for use cases that do not utilize certificates.
SMCTL enhancement - support for release windows
We extended support to our SMCTL to allow users to create, manage, approve, and review release windows.
Email address and OU value support for OV codesigning certificates
We extended support for OU (organizational unit) values and emails. These values can now be added to public codesigning certificates and profiles.
OU values can be added to EV and OV certificates. Email addresses can be added to OV certificates only as per the CAB Forum guidelines for codesigning.