Introduction

Keyfactor Signum is a code signing and key management SaaS solution. It provides centralized control over digital signing operations, cryptographic key lifecycle management, and Hardware Security Module (HSM) connectivity, all delivered as a managed cloud service.

What is Signum?

Signum delivers a complete signing service as a managed SaaS offering. The platform combines a cloud-hosted HSM, a centralized administration console, and lightweight client Agents that run on developer workstations and build servers. Keys are generated inside the HSM and never leave it. When a signing operation is requested, the Agent authenticates to Signum, the platform evaluates the policies configured for the key, and the private key operation is performed by the HSM while the rest of the signing workflow runs locally on the Agent host.

Key Capabilities

Signing Operations

  • Code signing: Sign executables, libraries, drivers, and packages across platforms.

  • Native signing tools: Seamless integrations leveraging KSP, CSP, PKCS#11, or Keychain (CryptoTokenKit).

  • Document signing: Digitally sign PDFs and other document formats.

  • Time-stamping: Cryptographically prove when a signature was created. Time-stamping can be powered by SignServer's time-stamp authority.

  • CI/CD integrated signing: Incorporate Signum-based signing directly into automated build and release workflows.

For more information, see Integration & Signing Guides.


Multi-Platform Client Agents

Signum Agents are installed on the systems that perform signing:

  • Windows Agent: Integrates with Microsoft SignTool via KSP and PKCS#11.

  • Linux Agent: Works with OpenSSL, jarsigner, cosign and other tools via PKCS#11.

  • macOS Agent: Integrates with Keychain and supports PKCS#11 for codesign and other utilities.

The Signum Windows Agent supports an attended (interactive) interface, while the other Agents support an unattended interface for CI/CD signing workflows.

For more information, see Signum Agents.


Access Control, Key Management, and Audit

The Signum Admin Web Console is the central control point for the platform. Administrators use it to:

  • Assign users and groups to roles, permissions, and policies that define certificate access.

  • Authenticate administrators via OAuth with your organization's Identity Provider.

  • Generate key pairs and Certificate Signing Requests (CSRs) directly on HSMs, including the ability to generate key attestation packages.

  • All Agent activity is logged and exportable to Syslog or Splunk for compliance and audit.

To configure Signum, use the Signum Admin Web Console.


If you have questions or would like to learn more about Signum or other Keyfactor products and services, please Contact Us.