Signotaur is a robust, self-hosted platform designed to automate the remote application of trusted code signatures to your software. Acting as a central service, Signotaur manages the certificates used to sign on behalf of remote clients. No user interaction is required when signing with the Signotaur client tool, making it ideal for use with continuous integration (CI) systems.
The server supports a wide range of certificate storage options, including USB hardware security devices such as YubiKey and SafeNet, other PKCS#11-compliant hardware security modules (HSMs), file-based certificates (.pfx), and certificates stored in the Windows Certificate Store. Administrators can register certificates with the server, making them securely accessible to the client tool for signing files. Private keys are never transmitted; only the signature digest is sent over a secure SSL connection, keeping your keys safely on the server.
The Signotaur client provides a command-line interface similar to Microsoft SignTool, simplifying integration with existing build scripts and CI/CD workflows.