![Day[Z] Titan Launcher logo](/assets/img/logo2.webp?v=1781090027){kind=logo}
Day[Z] Titan Launcher
Every mod that runs on a DayZ server needs a signature, and a signature needs a key. The key authenticates your mod: the server and the connecting player both have to agree on it, or the join is rejected. This tutorial walks through the whole chain with DayZ Tools - creating the key pair in DSUtils, signing your PBO, and dropping the public key in the right folder so your server accepts the mod.
Get it on Steam — DayZ Tools (DSUtils)Follow these in order. The first half creates the key, the middle signs your PBO, and the last steps deploy the key so a server will actually load the mod.
Open Steam and switch your library filter from Games to Tools. In the Tools list you will find several DayZ entries - DayZ Server, DayZ Experimental Server, and so on - but the one you need is simply called DayZ Tools.
DayZ Tools is the free official toolkit (Steam App 830640) and it is what actually generates and applies the keys. Install it before you do anything else; nothing in this guide works without it.
Get it on Steam — DayZ Tools (DSUtils)
Once DayZ Tools is installed, launch it. It opens a small launcher menu with the individual tools. The one you want for signing is the signing utility, DSUtils.
Open it and take a moment to look at the window. It has a panel for managing keys at the top and a file list and processing controls below. This is the only tool you will touch for the rest of the tutorial.
In the signing tool, press the N button to start a new key. A destination path appears - this is the folder where the finished key will be written, so note it down because you will come back here later to collect the files.
Creating a key actually produces a pair: a private key with the .biprivatekey extension that you keep secret, and a matching public .bikey that you hand out. Think of the private key as the thing that signs and the public key as the lock that verifies - they only work together.
Make sure the option to use this authority to sign files is checked, otherwise the key will not actually be applied to your PBOs. Then type an authority name. This can be anything - most people use their server name or a short tag for their mod. In this example the authority is named ML.
Click Create key. The path to your new key now shows in the tool, confirming the pair was generated. Pick a name you are happy to see publicly, because the .bikey filename carries this authority name with it.
A mod has to be laid out as a proper folder structure before it can be signed. Create a new folder named with an @ prefix followed by your mod name - for example @LoadingScreen for a custom loading screen, or your map name if you are building a map. The @ prefix is how DayZ recognises a mod folder.
Inside that folder, create an addons folder. The addons folder is where your packed PBO file lives. If you followed a packing tutorial you will already have a PBO ready to drop in here.
Alongside addons you can also create a keys folder, but it is not always required. You only need a keys folder inside the mod itself when you are making the mod public - for example a map you want other people to run on their own servers. In that case the public .bikey ships inside the mod so anyone downloading it can verify it.
If the mod is private and only ever runs on your own server - a loading screen, a server-only tweak - you do not need a keys folder inside the mod at all. The server gets the key a different way, covered in the final step. It is fine to leave an empty keys folder there for later if you might publish.
Back in DSUtils, use Add source directory and point it at your mod’s addons folder. Your PBO appears in the file list, and it will show as signed false - meaning it has no .bisign next to it yet and is therefore unsigned.
Before processing, enable two options. Tick Sign file list so the tool signs the listed files, and tick Override signatures so it replaces any old signature if the PBO was signed before. With both enabled you are ready to process.
Click Process files. The tool runs through your PBO and applies the signature using the key you created. This only takes a moment for a single mod.
Watch the status indicator. If something fails to sign it shows a red X; if it succeeds it shows a green check mark. A green check means the signature was written and a new .bisign file now sits right next to your PBO in the addons folder.
After a successful process you will see the .bisign file carrying your authority name - in this example ML.bisign - sitting beside the PBO. This file is the proof that your PBO was signed by your key.
Leave the .bisign exactly where it is, inside the addons folder next to the PBO. The moment you move or delete it the mod is no longer signed, it will stop working on your server, and connecting players will get a join error telling them the signature does not match.
Now collect the keys you made. Open the destination folder from step three, open the private .biprivatekey, copy its contents and keep it somewhere safe - you never give this private key out to anyone, ever. The public .bikey is the one you distribute.
For your own server, copy the whole @Mod folder onto the server, then place the public .bikey into the server’s keys folder - the same folder that already holds the DayZ key, because everything in DayZ is signed. Boot the server with the exact same mod and you can connect.
For a public mod, instead place the .bikey inside the mod’s own keys folder before you publish it. Then anyone who downloads it gets the key bundled in, so it verifies on their server too. The key and the signature are the lock and the key - they only open the door together.
The .biprivatekey is your secret signing key - keep it private. The .bisign is the signature written next to each PBO when you sign it. The .bikey is the public key that goes on the server (or in a public mod’s keys folder) so the signature can be verified.
No. You only need a keys folder inside the mod when you publish it for other people to run on their servers. For a private, server-only mod you just place the .bikey in the server’s own keys folder instead.
Usually the .bikey is missing from the server keys folder, the server and player are running different mod versions, or the .bisign was moved out of the addons folder. Make sure the same signed mod is on both ends and the public key is installed on the server.
Yes, the signing process works on any PBO regardless of who made it - you point DSUtils at the addons folder and sign it with your own key. That is exactly what the tutorial does with a borrowed mod as a template.
DayZ Tools, the free official toolkit on Steam (App 830640). Inside it you launch the signing utility, DSUtils, which both generates the key pair and applies the signatures.