Certificates are the IT world’s way of identifying individuals and devices. The person or device in question has to possess a key pair with a secret private key. A central entity (the CA or certificate authority) confirms that the corresponding public key belongs to that person or device. It does so by using a certificate: To authenticate the identity, a cryptographic operation is conducted with the private key and verified with the public key. Additionally, the validity of the certificate itself is checked.

The strong security offered by certificates is immediately apparent when comparing them to passwords. Passwords can be revealed accidentally or shared intentionally by the user. Also, hackers can get access to a password by means of a phishing attack. CodeMeter Certificate Vault holds the keys securely inside the smart card chip embedded in CmDongles, so they cannot be retrieved and copied. While passwords are used time and time again, in the case of certificates, a new cryptographic operation is performed each time a private key is used.

CodeMeter Certificate Vault works as a PKCS#11 compliant token provider, integrating with the Microsoft Cryptographic API Next Generation (CNG) as a Key Storage Provider (KSP), and working with OpenSSL API e.g. to keep and use the keys for TLS certificates. It is fully integrated with many essential applications including browsers, VPNs, and email clients. The keys kept in CmDongles can neither be read nor otherwise accessed, protecting them from all duplication or tampering attempts.

Compared to the typical user convenience of passwords, implementing certificates is a highly intricate process that makes certificates an unpopular choice in many cases. However, an integration in CodeMeter License Central simplifies the creation and rollout of certificates, making them more amenable to widespread use.