We use ZXPSignCMD tool for signing an Adobe CEP extension. We have a mandate to update all the company’s signings to D-KMS (Key Management System), a HSM (Hardware Security Module) backed service (see New private key storage requirement for Code Signing certificates).
In the documentation of the tool CEP-Resources/ZXPSignCMD/SigningTechNote_CC.pdf at master · Adobe-CEP/CEP-Resources · GitHub we don’t see any reference on HSM support.
Are any plans on updating the tool to support this?
1 Like
I moved this post because a customer recently pointed to finding it. There’s no category in the UXP forum that this particularly fits.
To answer the question; not only are there no plans for HSM support, there are no plans to update the ZXPSignCmd tool at all. (At least at the time I’m writing this.)
Hello, please suggest then how to sign the extensions with the new certificates. IIRC we can even sign with self signed certificates even for production. Is that true?
Thanks,
Only self-signing is currently supported.
This could change in the future, but not soon, and I don’t have a timeline.