Remotely Sign Code and Documents
With PKI Proxy, you can now bring your own keys (BYOK) for document or code signing, regardless of where the signing occurs. Utilizing our cross-platform, PKCS#11-compliant driver and client-server API, the private keys remain securely on a single machine under your control while document or code signing operations can occur nearly anywhere.
Hardware security modules (HSMs), file-based certificates (PFX files), ECDSA keys, and USB hardware tokens such as Yubikey or DigiCert tokens are all supported. The private key never leaves your server, and PKI Proxy employs SSL/TLS to secure all communications. For symmetric operations, session keys can be encrypted or decrypted. To protect remote key access, PKI Proxy supports multiple authentication options, including HTTP Basic and NTLM. Individual users are allowlisted to specific keys and all operations are logged.
The flexibility of PKI Proxy means it can be utilized on-premises, in a cloud provider, or over the public internet to support centralized-key signing in distributed build and signing pipelines. This solution can be utilized by any application which supports PKCS#11, including Java Jarsigner, Microsoft SignTool, and Adobe Acrobat, as well as code libraries such as SecureBlackbox® or other signing/encryption tools.
PKI Proxy is designed to be flexible around your processes, not impose a process on you, and is ideal for teams whose developers and build servers are isolated from one another.
Secure by Design
Built from the ground up using our own technology, with an extremely small surface area and integrated security.
Works with any PKCS#11-compatible application or library, including all popular code and document signing tools.
Sign Code and Documents
Supports a number of use cases, including digital signatures for documents and code.
Bring Your Own Key
Remotely access your keys (or hardware tokens) from distributed signing systems; no external hardware security modules needed.
The intuitive management application makes it easy to configure users and choose which certificates to share.
Outstanding Technical Support
Backed by an expert team of support professionals. Free Email Support for everyone. Premium Support also available for a fee.
- Getting started is easy--run the installer on the machine with certificates and then deploy the PKCS#11 Driver on your signing systems; there are no shell commands or third party libraries.
- Cross-platform driver with support for Windows, Linux, and macOS.
- Sign code and documents remotely, without exposing your private keys.
- Included PKCS#11 Driver allows integration with Jarsigner, SignTool, Adobe Acrobat, and more.
- Simple access control, users are allowlisted to specific keys.
- Standardized Web API for use from any environment.
- Support for hardware tokens and file-based certificates.
- Also supports signature verification and encryption/decryption operations.
- Multiple authentication options, including HTTP Basic and NTLM.