January 15, 2020


SignServer Enterprise supports OpenPGP and Debian package signing


SignServer Enterprise has expanded its code signing capabilities and added support for OpenPGP signing and Debian package signing.

If you're not familiar with code signing, it is the process of digitally signing code, executables, scripts, and software update packages to confirm the creator of the code and to be able to validate that the code has not been manipulated or unintentionally corrupted since it was signed. PrimeKey SignServer is a server-side code signing software that supports multiple code signing formats. OpenPGP and Debian package signing are two of the latest additions.

OpenPGP signing

OpenPGP is commonly used for Open Source software projects and also for packaging software for Linux environments in general. The SignServer OpenPGP signer can sign arbitrary data and produce an OpenPGP (RFC 4880) detached signature in binary or ASCII form, or a cleartext signature.

Debian package signing

In addition to OpenPGP signing, Debian package signing support has been added. Debian is a popular, freely available operating system used by a wide range of organizations, and it is also known for its effective packaging system. SignServer has now extended its code signing capabilities to support signing of Debian packages using the dpkg-sig format and OpenPGP. The key management operations are the same as for the generic OpenPGP Signer in SignServer Enterprise.

SignServer configuration and operation

Configuring your Debian package signer or OpenPGP signer in SignServer is easy, and your applications can access the Debian or OpenPGP signer through a direct integration with the web services interface, or via the SignServer SignClient. The signing functionality is also available to users through a user-friendly web interface. Users and applications are always authenticated, and all log files are signed to ensure proper audit and logging functionality. Neither the Debian package signing format nor the OpenPGP signing format uses X.509 certificates. For SignServer, however, the Debian and OpenPGP signing operations are handled like any other code signing operation, and we recommend using a Hardware Security Module (HSM) to store the private key and execute the signing operation.

For more information:

SignServer Documentation