
* Important Support Notice *

Due to necessary local maintenance on our KeyTalk Network environment
the KeyTalk Cloud environment will not be accessible to our customers.

The maintenance is due to happen from 12:30 to 14:30 UTC


This notice will be updated with more information when available. 
If you have any questions or concerns about this please reach out to us via telephone or e-mail.

Questions?

Any specific questions? Perhaps the frequently asked questions or downloads will help you further.

Other questions, or are you just wondering what KeyTalk can do for your organization? Feel free to contact us. We would greatly enjoy thinking about it together.

We also offer our customers 24/7 support.

Yes, KeyTalk can handle multiple CAs. Both private CAs, such as Microsoft Active Directory Certificate Server, as well as public CAs, such as GMO GlobalSign or DigiCert QuoVadis.
Yes, KeyTalk develops functionality and integrations based on customer demand and the business case. When a required integration is not yet supported but is technically feasible, you can work with the KeyTalk Business Unit to make it possible. The integration is then fully incorporated into our software and maintained as part of it.
Yes, KeyTalk can generate private keys with sufficient entropy, as part of the centrally generated Certificate Signing Requests (CSRs). These asymmetric key pairs can be stored in its own AES256 encrypted management database or in a linked Hardware Security Module (HSM). As soon as a key pair expires or becomes invalid, the KeyTalk platform will regenerate this key pair and the associated certificate, either automatically or semi-automatically through a workflow process.

Our definition of short-lived X.509 certificates: certificates whose lifetime, counted from the moment they are issued, is no longer than the time it takes for a current Certificate Revocation List (CRL) to be updated and distributed. Do you normally work with CRLs that are updated once a day? Then short-lived certificates are valid for 24 hours or less. Online Certificate Status Protocol (OCSP) responders can theoretically be updated much faster than CRLs, but in practice the whole process, from establishing that a certificate needs to be included in OCSP up to and including its actual inclusion, usually takes longer than the average time to update a CRL. This means that OCSP is usually no more practical than a CRL when it comes to short-lived X.509 certificates.

KeyTalk can assign any lifespan to a certificate to be issued, as long as the target Certificate Authority supports it. The shortest validity that KeyTalk can assign to a certificate is 1 second.

Downloads

Windows: Enterprise KeyTalk agent

Version: 7.9.3

Download: Default

Hashcode: SHA256: a2db9d368a51b33601df5c8cb00b8ce2bd976bbac43a53a04fbef40d8b9d98c6

KeyTalk Enterprise agent 7.9.3 brings the latest KeyTalk functionality to Windows 11, as well as Windows Server 2016 – 2022 with IIS 10 and IBM WebSphere 9.x and any other application you can provide a custom PowerShell script for.

All browsers that use the default Windows certificate store are supported, including Google Chrome, Microsoft IE, Edge, Opera, Brave, and Safari.

Secure Email Service Windows agent

Version: 7.9.3

Download: Default

Hashcode: SHA256: 48184d192427662435c678aba3be6f89dc9484c519e1db05d1b26b29899409bb

► Manual

Our latest simplified agent for Windows adds support for automated fetching, installation and configuration of recent and historic Shared Mailbox S/MIME certificates for Classic Outlook.

Two versions are offered: one containing technology to discover and collect Authentication, S/MIME and/or TLS certificates and keys, and one without this discovery and collection technology.


KeyTalk agent for Mac

Version: 7.9.0

Download: App Store

Hashcode: n.a.

KeyTalk agent for Mac version 7.9.0 brings the latest KeyTalk functionality to Apple’s OSX devices.

It supports the latest CA/B forum requirement for public trusted S/MIME issuance.

Our optional hardware recognition adds an additional factor on top of your existing authentication. This client is compatible as of KeyTalk virtual appliance 7.9.0.

Download the most recent DMG here SHA256: 51874912bd9fbbdbd7dcea6bd78c9ff90085647fd8187cd0c7700ee225bdd38f

Download the most recent PKG here SHA256: c858d75129ba5168a3d336d5430bfa2a8383ee6be4c89ade07a7eb3d070db27d


Linux and Apache/TomCat KeyTalk agent

Version: 7.9.0

Download: Default

Hashcode: SHA256: cd9a1dc81889b26f22c480c2e9bec39ff2c364c095087f30e679ac4341dd1d03

KeyTalk’s command prompt client 7.9.0 brings KeyTalk issued and managed certificates to various Linux OS.

Version 7.9.0 adds support for Ubuntu 24.04, including TPM key attestation, and updates the Ubuntu 22.04 agent to support the latest TPMs as well.

KeyTalk’s optional hardware recognition leverages your existing authentication, and enables you to easily recognize BYOD and Corporate devices to belong to only specific employees, partners, and customers.

KeyTalk virtual application server OVF/VMDK for VMware and AWS

Version: 7.6.1

Download: Default

Hashcode: https://keytalk.com/support#

KeyTalk 7.6.1 (ZIP = 25.4 GB) virtual appliance (Ubuntu 22.04 LTS based) in OVF/VMDK format brings you the latest KeyTalk X.509 certificate automated life-cycle management and seamless enrollment for client, server and Internet of Things devices, for your internal private CAs and public CAs.

Use it to automate replacing your X.509 certificates on any device, and always have up to date strong keys and certificate meta data in your SSL/TLS certificates.

Customers and partners can install this virtual appliance onto their VMware ESXi environment.

For AWS, simply log in to your AWS account, search the public AMIs for KeyTalk and launch the KeyTalk CKMS AMI from any region.

 

Need a production or trial license? Just contact your preferred KeyTalk partner or email us, and we will have you up and running in no time.

To decrypt any created encrypted native KeyTalk backups or Problem reports, you will need a Linux system running this AES-256-GCM decryption tool.

Do check if a new firmware update exists on this page to upgrade this virtual appliance to the latest greatest version.

 

For High Availability clustering, you will need a Load Balancer and a MySQL DB to store the shared data between multiple KeyTalk virtual appliance front-ends.

The latest single (i.e. non-clustered) stand-alone MySQL 8 virtual appliance (ZIP 5.16 GB), compatible as of KeyTalk firmware 7.6.1, can be downloaded here. SHA256: EE8FF29934D9AB82E12C169B90C7F81706388A9402897358AD80E17EC116DE4D

Should you already have a single or clustered MySQL DB in your network, or wish to make use of an Azure Flexi Server, you can use this documentation to set up your own DB.

KeyTalk virtual application server VHD for Azure and Hyper-V

Version: 7.6.1

Download: Default

Hashcode: https://keytalk.com/support#

KeyTalk 7.6.1 (ZIP = 31.2 GB) virtual appliance (Ubuntu 22.04 LTS based) in VHD (GEN-1 DISK) format brings you the latest KeyTalk X.509 certificate automated life-cycle management and seamless enrollment to client, server and Internet of Things devices, for your internal private CAs and public CAs.

Use it to automate replacing your X.509 certificates on any device, and always have up to date strong keys and certificate meta data in your SSL/TLS certificates.

Customers and partners can install this virtual appliance onto their Hyper-V and Azure environment.

 

Need a production or trial license? Just contact your preferred KeyTalk partner or email us, and we will have you up and running in no time.

To decrypt any created encrypted native KeyTalk backups or Problem reports, you will need a Linux system running this AES-256-GCM decryption tool.

Do check if a new firmware update exists on this page to upgrade this virtual appliance to the latest greatest version.

 

For High Availability clustering, you will need a Load Balancer and a MySQL DB to store the shared data between multiple KeyTalk virtual appliance front-ends.

The latest single (i.e. non-clustered) stand-alone MySQL 8 virtual appliance (ZIP 7.66 GB), compatible as of KeyTalk firmware 7.6.1, can be downloaded here. SHA256: 2BFC27E002518E7EE11133523D08FB7684B1780A40C5E69808D0CC2EBF45C34F

Should you already have a single or clustered MySQL DB in your network, or wish to make use of an Azure Flexi Server, you can use this documentation to set up your own DB.

KeyTalk firmware upgrade

Version: 7.9.8

Download: Default

Hashcode: SHA256: 61b0ae22e6594ada1362c02f984d094e0042eb1436b984ecacbfc3c209f9f6a6

KeyTalk’s 7.9.8 firmware update release upgrades your KeyTalk 7 virtual appliance to the latest production release.

It additionally updates your connected KeyTalk MySQL DB, provided it is connected to the KeyTalk virtual appliance you upload this firmware update to.

This update primarily adds KeyTalk’s module to support issuing native Post-Quantum Cryptography (PQC) based certificates and private keys under a private CA. Our initial release focusses on ML-KEM and ML-DSA, and is considered a BETA release.

To test with PQC certificates, you can make use of our pre-configured NGINX PQC docker image. It can be downloaded here. SHA256: 40bde801a2f617d6120b0fec516305f95cef78daeb5e5b61eccc7972e26148ae

For the full details of this release kindly read the Release Notes.

Before upgrading, always back up / snapshot your KeyTalk environment (server and DB)!

Need the last KeyTalk 6.6.3 firmware (720 MB)? You can download it here.


KeyTalk API as of firmware

Version: 7.9.8

Download: Default

Hashcode: SHA256: 5fd855961d033e1b5351157c8f68b897edaf3de153da7a6eedd4d60f27d7a8be

KeyTalk’s modern API gives app and software developers maximum freedom to incorporate secure encrypted data-in-motion and authentication to a suitable backend into their own software.

The KeyTalk client API is typically used to ensure end-points receive their certificate (and key) and is also used in our client software.

KeyTalk’s admin API is typically used to automate certificate management from a target system such as ServiceNow, or on a management system proxy.

Lastly, KeyTalk’s Outbound Management API spec describes how third-party certificate providers can provide their own API interface code for KeyTalk to easily integrate into its products, enabling integration with any certificate provider in the world with minimal effort.

Our RESTful API makes use of JSON calls over TLS, making it lightweight and easy to add to any existing code.

Additionally, the API allows any developer to determine their own hardware footprint of a device, contrary to KeyTalk’s clients, which enforce specific hardware/software characteristics.

You can find sample Python code showing how you might add the KeyTalk REST API to your own code here: sample code

Although we were one of the first customers to choose the combined S/MIME Management and Automation Service from GlobalSign & KeyTalk and we had to overcome some initial hurdles, we got fantastic support from the KeyTalk team and the service is working perfectly now. I would absolutely recommend their S/MIME Management and Automation Service to any company that needs easy-to-use end-to-end secure email communication. — Matteo Snidero, Head of IT @ Finance in Motion