PKI Proxy

A secure self-hosted solution which enables remote code and document signing using centrally stored keys.

Download Beta

Beta 2 Is Now Available! Featuring support for ECDSA keys, encryption/decryption operations, NTLM authentication, and more!

PKI Proxy

Remotely Sign Code and Documents

With PKI Proxy, you can now bring your own keys (BYOK) for document or code signing, regardless of where the signing occurs. Utilizing our PCKS#11-compliant driver and self-hosted API, the private key remains securely on a single machine under your control while document or code signing operations can occur nearly anywhere.

Hardware security modules (HSMs), file-based certificates (PFX files), ECDSA keys, and USB hardware tokens such as Yubikey or DigiCert tokens are all supported. The private key never leaves your server, and PKI Proxy employs SSL/TLS to secure all communications. For symmetric operations, session keys can be encrypted or decrypted. To protect remote key access, PKI Proxy supports multiple authentication options, including HTTP Basic and NTLM. Individual users are allowlisted to specific keys and all operations are logged.

The flexibility of PKI Proxy means it can be utilized on-premises, in a cloud provider, or over the public internet to support centralized-key signing in distributed build and signing pipelines. This solution can be utilized by any application which supports PKCS#11, including Java Jarsigner, Microsoft SignTool, and Adobe Acrobat, as well as code libraries such as SecureBlackbox® or other signing/encryption tools.

PKI Proxy is designed to be flexible around your processes, not impose a process on you, and is ideal for teams whose developers and build servers are isolated from one another.


Secure by Design

Built from the ground up using our own technology, with an extremely small surface area and integrated security.

Supports PKCS#11

Works with any PKCS#11-compatible application and code library, including all popular code and document signing tools.

Sign Code and Documents

Supports a number of use cases, including digital signatures for documents and code.

Bring Your Own Key

Remotely access your keys (or hardware tokens) from distributed signing systems; no external hardware security modules needed.

Simple Administration

The intuitive management application makes it easy to configure users and choose which certificates to share.

Outstanding Technical Support

Backed by an expert team of support professionals. Free Email Support for everyone. Premium Support also available for a fee.

Online Resources



  • Remote Signing
  • Code Signing
  • Certificate Sharing
  • PKCS#11
  • HSM
  • PFX
  • Authenticode
  • Cryptoki
  • PKCS#11 Forwarding

Product Features

  • Getting started is easy--run the installer on the machine with certificates and then deploy the PKCS#11 Driver on your signing systems; there are no shell commands or third party libraries.
  • Sign code and documents remotely, without exposing your private key.
  • Included PKCS#11 Driver allows integration with Jarsigner, SignTool, Adobe Acrobat, and more.
  • Simple access control, users are allowlisted to specific keys.
  • Standardized Web API for use from any environment.
  • Support for hardware tokens and file-based certificates.
  • Also supports signature verification and encryption/decryption operations.
  • Multiple authentication options, including HTTP Basic and NTLM.

Download Beta

Fully-Functional Free Beta (90-Day Expiration)

Get started today and see why developers worldwide
choose /n software components.

Download

Red Carpet Subscription

Everything in One Package

The Red Carpet Subscription provides access to every product and edition at a fraction of the cost of purchasing the included products.

Order