PKI Proxy
A secure key server which enables remote code and document signing using centrally stored keys — bring your own keys (BYOK).
DownloadNow Shipping! Featuring expanded platform support, scripting operations, a new Windows KSP, and more!
BYOK Code Signing
Many application developers are increasingly reliant on expensive third-party cloud services for key management, handing control over keys to major cloud providers. This reliance can result in high costs, as cloud signing services charge for each signature and apply restrictive usage limits.
PKI Proxy empowers developers to retain control over their keys with secure, bring-your-own-key (BYOK) code signing, regardless of where the signing takes place.
Flexibly deploy PKI Proxy on-premises or self-host PKI Proxy and control secure access to it inside your own firewall. PKI Proxy is designed to work around your processes, not impose a process on you, and is ideal for teams whose developers and build servers are isolated from one another.
Leveraging powerful cross-platform integration capabilities and a secure communication stack, the private keys remain securely on a single machine under your control — while document or code signing operations can occur nearly anywhere.
With PKI Proxy, you can now bring your own keys (BYOK) for document or code signing, regardless of where the signing occurs. Utilizing our cross-platform, PKCS#11-compliant driver and client-server API, the private keys remain securely on a single machine under your control while document or code signing operations can occur nearly anywhere.
Comprehensive Code Signing Coverage
PKI Proxy provides comprehensive support for certificate kinds and origins, including:
- Hardware security modules (HSMs)
- File-based certificates (PFX files)
- Windows Certificate Stores
- USB hardware tokens, such as Yubikey and DigiCert tokens
Secure Code Signing
The private key never leaves your server, and PKI Proxy employs TLS to secure all communications. To protect remote key access, PKI Proxy supports multiple authentication options. Individual users are only provided access to specific keys as designated by your administrator, and all operations are logged. Built from the ground up using our own technology, PKI Proxy utilizes integrated security and provides an extremely small footprint.
Secure by Design
Built from the ground up using our own technology, with an extremely small surface area and integrated security.
Supports PKCS#11
Works with any PKCS#11-compatible application or library, including all popular code and document signing tools.
Sign Code and Documents
Supports a number of use cases, including digital signatures for documents and code.
Bring Your Own Key
Remotely access your keys (or hardware tokens) from distributed signing systems; no external hardware security modules needed.
Simple Administration
The intuitive management application makes it easy to configure users and choose which certificates to share.
Outstanding Technical Support
Backed by an expert team of support professionals. Free Email Support for everyone. Premium Support also available for a fee.
Product Features
- Getting started is easy--run the installer on the machine with certificates and then deploy the PKCS#11 Driver on your signing systems; there are no shell commands or third party libraries.
- PKI Proxy Server can be run as a Windows Service or standalone application.
- 'Client-side PKCS#11 driver with cross-platform support for Windows, Linux, and macOS
- Sign code and documents remotely, without exposing your private keys.
- Included PKCS#11 Driver allows integration with Jarsigner, SignTool, Adobe Acrobat, and more.
- Simple access control, users are allowlisted to specific keys.
- Standardized Web API for use from any environment.
- Support for hardware tokens and file-based certificates.
- Also supports signature verification and encryption/decryption operations.
- Multiple authentication options, including HTTP Basic and NTLM.
Download Trial
30-Day Fully-Functional Trial
Get started today and see why developers worldwide
choose /n software components.
Order Online
Starting at $999
PKI Proxy includes everything needed to add Remote Signing and Encryption to any application - on any platform or development technology.