PKI Proxy
A secure self-hosted solution which enables remote code and document signing using centrally stored keys.
Download BetaPlease see the Getting Started article for details about installation, configuration and use.

Remotely Sign Code and Documents
With PKI Proxy, you can now bring your own keys (BYOK) for document or code signing, regardless of where the signing occurs. Utilizing our PCKS#11-compliant driver and self-hosted API, the private key remains securely on a single machine under your control while document or code signing operations can occur nearly anywhere.
Hardware security modules (HSMs), file-based certificates (PFX files), ECDSA keys, and USB hardware tokens such as Yubikey or DigiCert tokens are all supported. The private key never leaves your server, and PKI Proxy employs SSL/TLS to secure all communications. For symmetric operations, session keys can be encrypted or decrypted. To protect remote key access, PKI Proxy supports multiple authentication options, including KeyId/KeySecret, HTTP Basic and NTLM. Individual users are allowlisted to specific keys and all operations are logged.
The flexibility of PKI Proxy means it can be utilized on-premises, in a cloud provider, or over the public internet to support centralized-key signing in distributed build and signing pipelines. This solution can be utilized by any application which supports PKCS#11, including Java Jarsigner, Microsoft SignTool, and Adobe Acrobat, as well as code libraries such as SecureBlackbox® or other signing/encryption tools.
PKI Proxy is designed to be flexible around your processes, not impose a process on you, and is ideal for teams whose developers and build servers are isolated from one another.
Secure by Design
Built from the ground up using our own technology, with an extremely small surface area and integrated security.
Supports PKCS#11
Works with any PKCS#11-compatible application and code library, including all popular code and document signing tools.
Sign Code and Documents
Supports a number of use cases, including digital signatures for documents and code.
Bring Your Own Key
Remotely access your keys (or hardware tokens) from distributed signing systems; no external hardware security modules needed.
Simple Administration
The intuitive management application makes it easy to configure users and choose which certificates to share.
Outstanding Technical Support
Backed by an expert team of support professionals. Free Email Support for everyone. Premium Support also available for a fee.
Product Features
- Getting started is easy--run the installer on the machine with certificates and then deploy the PKCS#11 Driver on your signing systems; there are no shell commands or third party libraries.
- Sign code and documents remotely, without exposing your private key.
- Included PKCS#11 Driver allows integration with Jarsigner, SignTool, and more.
- Simple access control.
- Standardized Web API for use from any environment.
- Support for hardware tokens and file-based certificates.
Download Beta
Fully-Functional Free Beta (90-Day Expiration)
Get started today and see why developers worldwide
choose /n software components.
Red Carpet Subscription
Everything in One Package
The Red Carpet Subscription provides access to every product and edition at a fraction of the cost of purchasing the included products.
Order