Key Ceremony

​

The Key Ceremony is the foundational step in establishing your PKI. This controlled procedure acts first to produce the system’s cryptographic material, including the Root and Intermediate Certification Authorities (CAs).

​

• Secure Execution: Performed on-site with Security Pattern experts using dedicated, air-gapped hardware to ensure zero external communication during key generation.

• Hardware Protection: All generated private keys are stored directly onto customer-kept Hardware Security Modules (HSMs), such as physical Nitrokeys or cloud-based HSMs.

• Long-Term Governance: Structured to support a 20+ year lifecycle, defining the optimal balance between high-level key protection and robust disaster recovery.

​

​

Certificate Machine

​

The Certificate Machine leverages the material from the Key Ceremony to provide unique digital identities to each device during the manufacturing process.

​

• Line Integration: A Python-based application or executable that your production team runs directly on the manufacturing line.

• Identity Management: It generates compliant X.509 digital certificates and private keys for new entities, ensuring strict control over unique device identities.

• Flexible Interface: Includes a comprehensive set of APIs to integrate smoothly with existing production software and hardware.

​

​

Signing Machine: Code Authenticity & Integrity

​

The Signing Machine secures your software by performing digital signatures and optional encryption on firmware binaries during the development phase.

​

• R&D Empowerment: Used by development teams within their R&D environment to sign code before release.

• Compatibility: Ensures cryptographic coherence and compatibility across diverse hardware platforms and secure boot mechanisms.

• Workflow Integration: Provides APIs for seamless integration into your existing build machines and automated CI/CD pipelines.