DigiCert KeyLocker is a cloud-based HSM. It is used to generate and store keys that you can then use to sign code and applications. With KeyLocker, you can sign from anywhere and share one certificate among multiple people, so you no longer need to pass around a single token holding the Code Signing certificate.
Safe storage is required for all Code Signing certificates
The CA/B Forum requires that the private keys of Code Signing certificates be stored on a device certified to FIPS 140-2 Level 2 or Common Criteria EAL4+. Therefore, it is no longer possible to obtain a certificate in a PFX file; it can only be stored on an HSM or a token.
The token solution is cheap and easy, but it is incompatible with automation and team use. You have to enter the token password every time you sign, and there is no way around this, even when the token is used on a server. Buying a hardware HSM is expensive and unnecessary for many companies because they would not use it. Fortunately, there is a modern, simple and cheap way to solve key storage.
KeyLocker is cloud key storage
KeyLocker is a simple service built on the DigiCert ONE platform. Your Code Signing certificate will be stored in the cloud together with its private key, and you will not have to worry about its security. It will be available to you anywhere.
Signing then takes place using libraries from DigiCert, which allow the signing application to access the cloud HSM. Only hash signing is used, which is fast and efficient in terms of data transfer.
Benefits of cloud HSM
DigiCert KeyLocker delivers:
With KeyLocker, you can automate code signing and, most importantly, you do not need to purchase a hardware HSM. Buying an HSM is expensive, and with DigiCert KeyLocker you save money. Plus, you get the freedom to sign from anywhere.
How you can get KeyLocker
You can get DigiCert KeyLocker for a Code Signing or a Code Signing EV certificate. When ordering a Code Signing certificate, you can choose KeyLocker storage in addition to the token and HSM options. For a small additional fee, KeyLocker will be activated and the issued certificate will already be uploaded to the KeyLocker account. You get access to it automatically after the certificate is issued.
DigiCert KeyLocker price list
KeyLocker is purchased as an additional service to the Code Signing certificate. One KeyLocker means 1000 crypto operations; if you use them up, you can easily buy additional units.
To get KeyLocker, please email us.
Prices are without VAT.
FAQ - Frequently Asked Questions:
What is the difference between KeyLocker and DigiCert ONE?
KeyLocker is a simple service focused on storing and accessing keys in the cloud. It does not include Software Trust Manager or its advanced features; it works in a simple way. However, both services allow automatic signing and integration into CI/CD tools.