ZoTrus Application Security Solution

Code Signing, Timestamps, Local Signing, Cloud Signing

Zero trust applications without a trusted identity.

Only trust applications with trusted digital signature and timestamp.

Application software digital signature can be either local USB Key signing or cloud-based HSM signing.

Digitally signed application software and upgrade packages are distributed only through HTTPS encrypted channel.

Only install software update packages with trusted digital signature and timestamp signature.

Learn more

Choose the Right Application Security Service

Code Signing in Cloud HSM

IV Edition

1388 Yuan/Year

Sign now, no limit

Coming soon

OV Edition

2988 Yuan/Year

Sign now, no limit

Coming soon

EV Edition

3988 Yuan/Year

Sign now, no limit

Coming soon

Code Signing in Local UKey

OV Edition Pro

3988 Yuan/Year

Sign with UKey,
delivered within 24 hours

Coming soon

EV Edition Pro

4988 Yuan/Year

Sign with UKey,
delivered within 24 hours

Coming soon

Different code signing certificate
— dual-brand Microsoft designated

ZoTrus has selected two top-tier global CAs: Sectigo and SSL.com.

Both CAs are Microsoft-designated Windows hardware certification CAs.

SSL.com's advantage lies in its cloud signing service; it's the only CA that provides IV code signing certificate.

Sectigo has the oldest root certificate and the best compatibility.

Dual CA brands, more choices.

Learn more

Different code signing cloud service
— unlimited signing count

Cloud code signing service recommend; no need to wait for the hardware UKey to be shipped.

The signing key is hosted in FIPS-certified HSM device.

Complies with CA/Browser Forum and WebTrust requirements.

Follow the Cloud Signing API standard released by Cloud Signature Consortium.

Only upload the HASH value of the software to be signed, not the software itself.

Can sign various types of software code, including .exe, .dll, .sys, etc.

Free accompanying signature tool software, supporting batch signing.

Unlimited number of signing event, China local cloud signing service.

Learn more

Different local code signing
— UKey hardware shipping from Shenzhen, China

Can sign various types of software code, including .exe, .dll, .sys, etc.

EV Code Signing Certificates support Windows logo certification and hardware driver certification.

No need to wait for UKey hardware to be shipped from the US.

Uses China made USB Key, certificate pre-installed in Shenzhen, shipped via SF Express.

The USB key also supports FIDO certification.

The USB key can hold multiple certificates and can be used indefinitely. After the code signing certificate expires, there's no need to replace the USB key; simply renew the certificate.

UKey Product Introduction

Free Timestamping Service

The code signing cloud service attaches a timestamp to each file by default.

USB Key local signing provides free access to timestamp URLs.

Attaching a timestamp signature ensures that the signed code remains valid even after the code signing certificate expires.

Timestamps conform to the international standard RFC3161

Local signing users can freely choose the timestamp service.

Learn more

Cloud signing service is preferred

The validity period of code signing certificates will be shortened from 3 years to 15 months.

It is estimated that the time limit for SSL certificates to 47 days will be applied to code signing certificate.

Only cloud signing services can effectively address the trend of continuously shortening the validity period of code signing certificates.

Welcome to ZoTrus code signing cloud service to get different experience.

Learn more

Dual-algorithm code signing is an inevitable trend

The cloud signing service will default to dual signature (RSA+SM2).

Supports China operating system hardware drivers and software signatures.

Referring Windows code security mechanisms to ensure the security of China operating systems.

Windows verifies RSA signatures; China operating systems verify SM2 signatures.

The SM2 algorithm code signing certificate is issued by a China CA.

Dual-algorithm code signing is an inevitable trend

Choosing code signing service, comparing brand, service, and technical.

ZoTrus Technology founder started by selling code signing certificates and was among the first in China to develop its own brand of code signing certificates. With over 20 years of experience in the industry, understanding every subtle need of users. ZoTrus carefully selects CAs to provide a variety of customized products and services to meet the diverse code signing application needs at different stages of development. ZoTrus is the first in China to implement a dual-algorithm (RSA/SM2) code signing cloud service, innovatively meeting users' application needs for achieving global trust and cryptographic compliance with one time signing.

Dual CA Brands

From the six CAs designated by Microsoft, ZoTrus selected two CAs offering the best cost-performance ratio: Sectigo, a well-established brand with 2004 roots, offers better compatibility with Windows systems and supports more older operating systems. SSL.com, provides a more affordable price and a wider selection of signing methods. This caters to the diverse needs of users regarding brand and application.

Two methods: cloud signing and local signing

Two signing methods are offered: cloud signing, representing the future trend as code signing certificates are increasingly shorter in validity, and eliminating the need to wait for the USB key to be shipped; and local signing, a traditional method that does not rely on cloud services, suitable for signing environments without Internet access.
Users can only choose one signing method because the key can only be stored in one location.

Dual UKey support: domestic and foreign products

For users who choose local signing, selecting a Sectigo certificate uses China made USB Key hardware and is shipped via SF Express in Shenzhen, eliminating the need to wait for a 10-day US shipment.
Users who choose SSL.com certificates can purchase a designated foreign brand USB key – Yubikey by themselves, without having to wait for US shipment.

Dual algorithms: RSA and SM2

The plan will provide cloud signing users with dual-algorithm (RSA/SM2) dual signatures and dual-algorithm dual-timestamp signatures free of charge, meeting the cryptographic compliance signature application requirements of China operating systems.
The plan is to provide cloud-signing users with free code signing services using hybrid PQC algorithms (RSA+MLDSA and SM2+MLDSA).

ZoTrus Application Security Solution

Code Signing, Timestamps, Local Signing, Cloud Signing

Choose the Right Application Security Service

IV Edition

1388 Yuan/Year

OV Edition

2988 Yuan/Year

EV Edition

3988 Yuan/Year

OV Edition Pro

3988 Yuan/Year

EV Edition Pro

4988 Yuan/Year

Different code signing certificate— dual-brand Microsoft designated

Different code signing cloud service— unlimited signing count

Different local code signing— UKey hardware shipping from Shenzhen, China

Free Timestamping Service

Cloud signing service is preferred

Dual-algorithm code signing is an inevitable trend

Choosing code signing service, comparing brand, service, and technical.

Dual CA Brands

Two methods: cloud signing and local signing

Dual UKey support: domestic and foreign products

Dual algorithms: RSA and SM2

Different code signing certificate
— dual-brand Microsoft designated

Different code signing cloud service
— unlimited signing count

Different local code signing
— UKey hardware shipping from Shenzhen, China