PKCS11 library

DigiCert® Software Trust Manager provides a PKCS11 library for developers to securely and quickly sign code.

The PKCS11 library handles secure key generation, application hash signing, and associated certificate-related requirements when the signing request does not require the transportation of files and intellectual property.

What signing tools can PKCS11 library integrate with?

The DigiCert® Software Trust Manager PKCS11 library integrates with the following non-Microsoft signing tools while maintaining key protection, permission-based access and reporting all signing activities:

Apksigner (for Android)
Jarsigner (for Java)
Docker Notary
OpenSSL
GPG
Redhat Package Manager (RPM)
Debian package (DEB)
XML
Jsign
Osslsigncode

What can the PKCS11 sign?

DigiCert® Software Trust Manager PKCS11 library enables secure hash-based signing of non-Microsoft:

Files
Firmware
Applications
Images
Software

Download PKCS11 library

Sign in to DigiCert ONE.
Navigate to: Manager menu (top-right) Software Trust.
Select Resources > Client tool repository.
Click the download icon next to Software Trust Manager PKCS#11 Library.

Create PKCS11 configuration file

To create a configuration file with the path to this shared library:

Open an integrated development environment (IDE) or plain text editor.

Copy and paste the following text into the editor:

Example 1. Windows

name=signingmanager 
library="<path to smpkcs11.dll>"
slotListIndex=0

Sample

name=signingmanager 
library="C:\\Program Files\\DigiCert\\DigiCert One Signing Manager Tools\\smpkcs11.dll"
slotListIndex=0

Example 2. Linux

name=signingmanager 
library="<path to smpkcs11.so>"
slotListIndex=0

Sample:

name=signingmanager 
library="/home/<user>/smtools-linux-x64/smpkcs11.so" 
slotListIndex=0

Example 3. macOS

name=signingmanager 
library=<path to smpkcs11.dylib> 
slotListIndex=0