1. Home
  2. /
  3. Use cases
  4. /
  5. Code Signing (JAR, CMS, openPGP, Debian, Plain)

Code Signing (JAR, CMS, openPGP, Debian, Plain)

Code signing helps protect the integrity and authenticity of software, containers, and other software packages when it is downloaded over insecure networks or stored and executed on untrusted media.

hero-sub-2-white

Challenge

Managing access and storage of signing keys can be a struggle

As a software supplier or user, you can prevent supply chain attacks, malware, and unauthorized software tampering by only providing/allowing signed software, containers, and applications. In order to make this happen, IT and application teams must have easy access to code signing tools and keys during software development and maintenance. Meanwhile, security teams struggle to manage signing keys, who has access to them, and where they are kept. The signing keys can be found on workstations, repo readme files, and build servers.

arrow

Solution

Sign code och software securely from one flexible platform

SignServer is a high-performance, centrally managed signing key and workflow solution.  You can keep signing keys in secure files (only recommended for testing and prototyping) or with on-premises or cloud-based Hardware Security Modules (HSM).

SignServer supports code and package signing formats for Microsoft, Java, and Android as well as more generic formats such as CMS and PKCS#1. A timestamping service is always included. 

You can sign using APIs, command lines, or consoles without uploading or transferring big files. Automated workflows for continuous delivery, integrated with your DevOps and CI/CD pipelines.

Tutorials

SignServer logo thumbnail
DevOps
2024-11-19

Software Supply Chain security with Chainloop

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Read more
Chainloop
SignServer logo thumbnail
Code signing
DevOps
2024-10-29

Sign Code with GitHub Actions and SignServer

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Read more
GitHub Actions
SignServer logo thumbnail
Code signing
DevOps
Get started
2023-09-27

Create OpenPGP signatures with SignServer

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Read more
OpenPGP
SignServer logo thumbnail
Code signing
Post-quantum
2023-07-04

ML-DSA (Dilithium) Signing Certificate and Signing in SignServer

Set up your first quantum-ready PKI. Create your ML-DSA (Dilithium) Root CAs, Issuing CAs, and end entities for code signing. Then sign data in SignServer. The ML-DSA (Dilithium) algorithm offers strong security and efficiency by l...
Read more
ML-DSA
SignServer logo thumbnail
DevOps
2023-06-08

Sign container images with Cosign and SignServer

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Read more
COSIGN
SignServer logo thumbnail
DevOps
2023-06-07

Connect a Jenkins CI pipeline to SignServer

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Read more
jenkins
SignServer logo thumbnail
Code signing
2023-06-06

Flexible Code Signing: Try Multiple Formats with SignServer

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Read more
Signserver
SignServer logo thumbnail
Secure boot OTA
2023-06-05

Set up your ESP32 board with secure updates

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Read more
Espressif

Get inspired

Stay up-to-date on the latest SignServer news and updates through our news feed. From product releases to the newest tutorial videos and guides, our feed provides the latest information on all things related to SignServer. Don't miss out on our upcoming events, live or online, designed to provide valuable knowledge and hands-on experiences. Join our community and stay in the know with SignServer.

PKI hierarchies - 1, 2, 3 tiers ?
Installation & Deployment
Signing
Tech Update
Ejbca
Signserver
18 March, 2025

#KEYMASTER: Understanding VEX and the Future of Vulnerability Management

In this Keymaster episode, we explore VEX (Vulnerability Exploitability Excha...
Read more
PKI hierarchies - 1, 2, 3 tiers ?
Installation & Deployment
Signing
Tech Update
Ejbca
Signserver
11 March, 2025

#KEYMASTER: The Rise of SBOMs – A Growing Necessity

In this episode of #KEYMASTER, we explore the evolving landscape of Software...
Read more
Keyfactor Release
Signing
Release
25 February, 2025

SignServer 7.0 Community has been released

SignServer 7.0 Community, has been released. This new version brings a new, u...
Read more

More inspiration

Related open-source projects

This website uses cookies

Cookies consist of small text files. They contain data that is stored on your device. To enable us to place certain types of cookies we need to obtain your consent. At PrimeKey Solutions AB, corp. ID no. 556628-3064, we use the following kinds of cookies. To read more about which cookies we use and storage times, click here to access our cookies policy.

Manage your cookie-settings

Necessary cookies

Check to consent to the use of Necessary cookies
Necessary cookies are cookies that must be placed for basic functions to work on the website. Basic functions are, for example, cookies which are needed so that you can use menus on the website and navigate on the site.

Functional cookies

Check to consent to the use of Functional cookies
Functional cookies need to be placed on the website in order for it to perform as you would expect. For example, so that it recognizes which language you prefer, whether or not you are logged in, to keep the website secure, remember login details or to be able to sort products on the website according to your preferences.

Cookies for statistics

Check to consent to the use of Cookies for statistics
For us to measure your interactions with the website, we place cookies in order to keep statistics. These cookies anonymize personal data.

Cookies for ad-tracking

Check to consent to the use of Cookies for ad-tracking
To enable us to offer better service and experience, we place cookies so that we can provide relevant advertising. Another aim of this processing is to enable us to promote products or services, provide customized offers or provide recommendations based on what you have purchased in the past.

Ad measurement user cookies

Check to consent to the use of Ad measurement user cookies
In order to show relevant ads we place cookies to tailor ads for you

Personalized ads cookies

Check to consent to the use of Personalized ads cookies
To show relevant and personal ads we place cookies to provide unique offers that are tailored to your user data
Close