ZoTrus Application Security Solution

Code Signing, Timestamps, Local Signing, Cloud Signing

Zero trust applications without a trusted identity.

Only trust applications with trusted digital signature and timestamp.

Application software digital signature can be either local USB Key signing or cloud-based HSM signing.

Digitally signed application software and upgrade packages are distributed only through HTTPS encrypted channel.

Only install software update packages with trusted digital signature and timestamp signature.

Learn more

Choose the Right Application Security Service

Code Signing in Cloud HSM

OV Edition

3988 Yuan/Year

Sign now, no limit

Coming soon

EV Edition

4988 Yuan/Year

Sign now, no limit

Coming soon

Code Signing in Local UKey

OV Edition

3988 Yuan/Year

Sign with UKey,
delivered within 24 hours

Coming soon

EV Edition

4988 Yuan/Year

Sign with UKey,
delivered within 24 hours

Coming soon

Microsoft Designated Windows Hardware Partner CA

ZoTrus selects the world's top CA: Sectigo

Microsoft Designated Windows Hardware Partner CA

Supports both USB Key certificate and cloud HSM certificate

Has the oldest root certificate, best compatibility

Learn more

Different code signing cloud service
— unlimited signing count

Cloud code signing service recommend; no need to wait for the hardware UKey to be shipped.

The signing key is hosted in FIPS-certified HSM device.

Complies with CA/Browser Forum and WebTrust requirements.

Follow the Cloud Signing API standard released by Cloud Signature Consortium.

Only upload the HASH value of the software to be signed, not the software itself.

Can sign various types of software code, including .exe, .dll, .sys, etc.

Free accompanying signature tool software, supporting batch signing.

Unlimited number of signing event, China local cloud signing service.

Learn more

Different local code signing
— UKey hardware shipping from Shenzhen, China

Can sign various types of software code, including .exe, .dll, .sys, etc.

EV Code Signing Certificates support Windows logo certification and hardware driver certification.

No need to wait for UKey hardware to be shipped from the US.

Uses China made USB Key, certificate pre-installed in Shenzhen, shipped via SF Express.

The USB key also supports FIDO certification.

The USB key can hold multiple certificates and can be used indefinitely. After the code signing certificate expires, there's no need to replace the USB key; simply renew the certificate.

UKey Product Introduction

Free Timestamping Service

The code signing cloud service attaches a timestamp to each file by default.

USB Key local signing provides free access to timestamp URLs.

Attaching a timestamp signature ensures that the signed code remains valid even after the code signing certificate expires.

Timestamps conform to the international standard RFC3161

Local signing users can freely choose the timestamp service.

Learn more

Cloud signing service is preferred

The validity period of code signing certificates will be shortened from 3 years to 15 months.

It is estimated that the time limit for SSL certificates to 47 days will be applied to code signing certificate.

Only cloud signing services can effectively address the trend of continuously shortening the validity period of code signing certificates.

Welcome to ZoTrus code signing cloud service to get different experience.

Learn more

Dual-algorithm code signing is an inevitable trend

The cloud signing service will default to dual signature (RSA+SM2).

Supports China operating system hardware drivers and software signatures.

Referring Windows code security mechanisms to ensure the security of China operating systems.

Windows verifies RSA signatures; China operating systems verify SM2 signatures.

The SM2 algorithm code signing certificate is issued by a China CA.

Dual-algorithm code signing is an inevitable trend

Choosing code signing service, comparing brand, service, and technical.

ZoTrus Technology founder started by selling code signing certificates and was among the first in China to develop its own brand of code signing certificates. With over 20 years of experience in the industry, understanding every subtle need of users. ZoTrus carefully selects CAs to provide a variety of customized products and services to meet the diverse code signing application needs at different stages of development. ZoTrus is the first in China to implement a dual-algorithm (RSA/SM2) code signing cloud service, innovatively meeting users' application needs for achieving global trust and cryptographic compliance with one time signing.

Top CA Brand

From the six CAs designated by Microsoft, ZoTrus selected Sectigo offering the best cost-performance ratio, a well-established brand with 2004 roots, offers better compatibility with Windows systems and supports more older operating systems.

Two methods: cloud signing and local signing

Two signing methods are offered: cloud signing, representing the future trend as code signing certificates are increasingly shorter in validity, and eliminating the need to wait for the USB key to be shipped; and local signing, a traditional method that does not rely on cloud services, suitable for signing environments without Internet access.
Users can only choose one signing method because the key can only be stored in one location.

Use China-made UKey

For users choosing local signing, a China-made USB Key hardware with FIPS certification is used (optional USB interface or Type C interface), delivered via SF Express from Shenzhen, without the need to wait for the lengthy dozen-day US courier.

Dual algorithms: RSA and SM2

The plan will provide cloud signing users with dual-algorithm (RSA/SM2) dual signatures and dual-algorithm dual-timestamp signatures free of charge, meeting the cryptographic compliance signature application requirements of China operating systems.
The plan is to provide cloud-signing users with free code signing services using hybrid PQC algorithms (RSA+MLDSA and SM2+MLDSA).

ZoTrus Application Security Solution

Code Signing, Timestamps, Local Signing, Cloud Signing

Choose the Right Application Security Service

OV Edition

3988 Yuan/Year

EV Edition

4988 Yuan/Year

OV Edition

3988 Yuan/Year

EV Edition

4988 Yuan/Year

Microsoft Designated Windows Hardware Partner CA

Different code signing cloud service— unlimited signing count

Different local code signing— UKey hardware shipping from Shenzhen, China

Free Timestamping Service

Cloud signing service is preferred

Dual-algorithm code signing is an inevitable trend

Choosing code signing service, comparing brand, service, and technical.

Top CA Brand

Two methods: cloud signing and local signing

Use China-made UKey

Dual algorithms: RSA and SM2

Different code signing cloud service
— unlimited signing count

Different local code signing
— UKey hardware shipping from Shenzhen, China