Keyfactor

Unleash the power of identity-first security

With the proliferation of devices, workloads, and transactions, the landscape of digital trust has become increasingly intricate and crucial. Keyfactor’s identity-first security solutions establish control and empower your business by enabling automated scaling for every device and workload. This unique approach ensures you gain unparalleled agility, power, and scalability.

Robust, highly scalable PKI for enterprise or IoT.

PQC-ready PKI platform that deploys fast, runs anywhere, and scales on-demand — so you can issue and manage thousands, even billions of certificates, with no problem.

  • Protocol and API options: Automate certificate enrollment via ACME, SCEP, EST, CMP, Microsoft Autoenrollment, SOAP, and REST API.
  • Modular architecture: Securely segment CA, registration authority (RA), and validation authority (VA) functions on separate instances.
  • Multitenancy: To support high availability and performance, run your entire PKI hierarchy on a single instance or cluster node.
  • Detailed audit logs: Ensure compliance with detailed and signed audit logs and tools to import and export configurations.
  • Single platform: Centrally issue and manage certificates compliant with X.509, SSH, C-ITS, and other industry standards, all from one console.
  • PQC Ready: Support for NIST PQC candidate algorithms and hybrid certificates to prepare for the transition to quantum-safe.

Visibility, control, and automation for IoT and machine IDs.

Get complete visibility, orchestration, and automation across your entire PKI and certificate landscape from one platform. Our comprehensive solutions ensure you’re well-equipped to handle any situation, eliminating guesswork, unexpected outages, and manual, error-prone PKI processes.

  • Complete visibility: Find every certificate in every location using real-time CA synchronization, network scanning, and agent-based or agentless discovery of key and trust stores.
  • Metadata and search: Tag and group certificates logically using unique metadata. Find that one certificate you’re looking for in just seconds with an easy-to-use certificate search engine.
  • Granular controls: Set role-based permissions to control what users and groups can see and do within the platform. Require approvals and define workflows for enrollment and revocation.
  • Self-service enrollment: Provide programmatic or self-service certificate enrollment via an intuitive portal or REST API. Or leverage multiple open-source integrations and plugins.
  • Scalable orchestration: Deploy modular orchestrators to automatically provision certificates directly to network endpoints, load balancers, servers, and cloud workloads.
  • Reporting and alerts: With a simple right-click, you can generate custom or out-of-the-box reports, send alerts via email or chat tools, and renew, revoke, or drill down into certificate details.

Manage and automate IoT device identities.

Establish and maintain trust in IoT products throughout their lifecycle with Keyfactor Command for IoT. Our reliable, end-to-end IoT identity management solution integrates with PKI to issue, manage, and automate IoT device certificates from manufacturing to end-of-life, giving you the confidence you need.

  • Lightweight C-Agent: Use a lightweight C POSIX, Android, or Java agent to enable on-device identity lifecycle management and automation.
  • Automated provisioning: Automatically renew and provision certificates to remote devices anywhere, from any public or private CA.
  • One-click revocation: Respond to incidents or decommission devices at scale with simple one-click revocation of one certificate or millions.
  • Integrated PKI platform: Combine Keyfactor Command for IoT with EJBCA Enterprise to issue IoT identities at a massive scale from a trusted PKI platform.
  • APIs and Integrations: Easily integrate with third-party CAs, cloud services, and IoT platforms such as Azure IoT Hub, Google Cloud IoT Core, and more.
  • Complete visibility: Meet compliance requirements and simplify audits with real-time visibility of all certificates and easy-to-generate reports.

Enable DevOps with fast, policy-compliant signing.

Secure code signing as a service makes signing effortless for developers and easy to manage for security. With Keyfactor Signum, sensitive keys are protected, policy is automated, and signing is integrated with your tools and build processes.

  • HSM-backed keys: Generate and store private signing keys in a FIPS 140-2 certified HSM and ensure they never leave the HSM.
  • Policy enforcement: Set granular access controls for signing, such as authorized users, devices, signing tools, time windows, and more.
  • Native integration: Agents for Windows (KSP) and Linux (PKCS11) are compatible with platform-native tools to enable remote signing.
  • Event logs: Maintain an irrefutable log of all signing key access and usage activities to identify anomalies and simplify audits.
  • Authentication: Integrate with your identity provider (e.g., Azure AD, Okta) to enable SAML, OAuth, or basic authentication.
  • Key attestation: Keyfactor can support customers by generating attestation of the signing keys, which will help customers comply with upcoming changes from public CAs.

Digitally sign code and documents at scale.

Sign firmware, code, documents, and ePassports at a massive scale. SignServer Enterprise is a powerful digital signing engine that makes it easy to automate signing workflows and supports multiple signing formats and use cases.

  • Secure key storage: Integrate with on-premises or cloud-based Hardware Security Modules (HSMs) to generate and store keys centrally.
  • One platform, any format: Sign in any format with support for PDF, XML, CMS, MS Authenticode, Java, Android and JAR signing, and many more.
  • Time stamping: Apply secure timestamps to prove the time of signature and long-term validity, supporting RFC 3161 and Authenticode time stamps.
  • High performance: Enable fast and secure signing via API, command line, or console without uploading or transferring large files.
  • Access controls: Authenticate and authorize signature requests via X.509 certificate authentication, OAuth, basic authentication, or IP address.
  • Detailed audit logs: Easy-to-audit, thorough, and signed audit logs ensure proven traceability of every transaction and signing activity.

Why Keyfactor?

  • One Solution Stack
  • Flexible Deployment
  • Automation that works
  • Trust and Compliance
  • Adopted by a Global Community
  • Interoperability
  • Quantum- readiness

Crypto-Agility: Embedded Security for Any Device

Design and Build Secure IoT Devices at Scale.

Keyfactor Control empowered manufacturers to design, deliver, and maintain the most trusted connected devices on the market.