Secure Software Manager
New Features and Enhancements
New SSM Smartcard Daemon (SCD) client with tailored signing workflows for better GPG signing - GPG signing on SSM worked, but it needed a design overhaul to improve the customer experience. SSM was reliant on the open-source smartcard daemon GnuPG-PKCS11-SCD, which our users need to compile from source and which was limited to Linux and restricted to RSA keys only. With the release of our new SSM SCD, we have reinvented our GPG signing flows by coding our APIs directly to the SSM SCD, removing the dependence on PKCS11, and providing customers with compiled versions of the SSM SCD client optimised for Windows, Linux and macOS. Our new SSM GPG workflows expand support from RSA signing to also offer ECDSA and EdDSA. Finally, we have introduced support for the GPG keyring structure, so that customers can create a hierarchy under a GPG master key, with GPG subkeys and user IDs, which aligns natively with the GPG ecosystem.
EdDSA key signing support in SSM - We have enhanced our PKCS11 client to support signing with EdDSA (Ed25519) for customers who wish to use the EdDSA algorithm. At present, EdDSA is not widely supported by most commercially available code signing tools. We have documented instructions for the tools we have verified to work, and we will continue to grow this list as we identify other tools that introduce EdDSA support.
Documentation updates
GPG Signing via SSM SCD - The newly introduced and recommended GPG signing instructions using the SSM SCD are available to view here.
SSM API documentation contextualized - To support customers who want to integrate directly with the SSM APIs, we have contextualized the SSM Swagger page here to describe what each API does, what its parameters mean, and which parameters are required vs optional.
CI/CD integration instructions for GitHub Actions - Documented how to integrate SSM KSP for Authenticode signing with GitHub Actions via script here.
CI/CD integration instructions for GitLab - Documented how to integrate SSM KSP for Authenticode signing with GitLab via script here.
CI/CD integration instructions for CircleCI - Documented how to integrate SSM KSP for Authenticode signing with CircleCI via script here.