PKI Proxy

A secure key server which enables remote code and document signing using centrally stored keys.


Now Shipping! Featuring expanded platform support, scripting operations, a new Windows KSP, and more!

PKI Proxy

Remotely Sign Code and Documents

With PKI Proxy, you can now bring your own keys (BYOK) for document or code signing, regardless of where the signing occurs. Utilizing our cross-platform, PKCS#11-compliant driver and client-server API, the private keys remain securely on a single machine under your control while document or code signing operations can occur nearly anywhere.

Hardware security modules (HSMs), file-based certificates (PFX files), ECDSA keys, and USB hardware tokens such as Yubikey or DigiCert tokens are all supported. The private key never leaves your server, and PKI Proxy employs SSL/TLS to secure all communications. For symmetric operations, session keys can be encrypted or decrypted. To protect remote key access, PKI Proxy supports multiple authentication options, including HTTP Basic and NTLM. Individual users are allowlisted to specific keys and all operations are logged.

The flexibility of PKI Proxy means it can be utilized on-premises, in a cloud provider, or over the public internet to support centralized-key signing in distributed build and signing pipelines. This solution can be utilized by any application which supports PKCS#11, including Java Jarsigner, Microsoft SignTool, and Adobe Acrobat, as well as code libraries such as SecureBlackbox® or other signing/encryption tools.

PKI Proxy is designed to be flexible around your processes, not impose a process on you, and is ideal for teams whose developers and build servers are isolated from one another.

Secure by Design

Built from the ground up using our own technology, with an extremely small surface area and integrated security.

Supports PKCS#11

Works with any PKCS#11-compatible application or library, including all popular code and document signing tools.

Sign Code and Documents

Supports a number of use cases, including digital signatures for documents and code.

Bring Your Own Key

Remotely access your keys (or hardware tokens) from distributed signing systems; no external hardware security modules needed.

Simple Administration

The intuitive management application makes it easy to configure users and choose which certificates to share.

Outstanding Technical Support

Backed by an expert team of support professionals. Free Email Support for everyone. Premium Support also available for a fee.

Product Features

  • Getting started is easy--run the installer on the machine with certificates and then deploy the PKCS#11 Driver on your signing systems; there are no shell commands or third party libraries.
  • Cross-platform driver with support for Windows, Linux, and macOS.
  • Sign code and documents remotely, without exposing your private keys.
  • Included PKCS#11 Driver allows integration with Jarsigner, SignTool, Adobe Acrobat, and more.
  • Simple access control, users are allowlisted to specific keys.
  • Standardized Web API for use from any environment.
  • Support for hardware tokens and file-based certificates.
  • Also supports signature verification and encryption/decryption operations.
  • Multiple authentication options, including HTTP Basic and NTLM.

Download Trial

30-Day Fully-Functional Trial

Get started today and see why developers worldwide
choose /n software components.


Order Online

Starting at $499

PKI Proxy includes everything needed to add Remote Signing and Encryption to any application - on any platform or development technology.