PDA

View Full Version : Support for Extended Validity (EV) code-signing in SB8.1


NewsArchive
04-16-2014, 11:24 AM
All,

We have added experimental support for the Extended Validity (EV)
code-signing certificate type to the upcoming SetupBuilder 8.1 maintenance
build. It is not possible to "export" an EV key (.pfx) because it's a
physical device that has to be plugged into a machine and read with a
special driver. The driver imports it directly into the cert keychain that
is read by Microsoft SignTool.

To handle EV code-signing certificates, we have added a new "macro" (EVCS =
Extended Validation Code Signing) which can be used in the "PFX File" entry
field.

For example: EVCS://subject name

where subject name is the text listed under the "Issued to" field in
Personal/Certificates. The compiler will then select the EV code-signing
certificate.

The macro also works with non-EV certificates. Please note that you have to
use a key without the "strong private key protection" option. If you have a
key with this option enabled, export the key and re-import without this
protection level.

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

--Helping You Build Better Installations
--SetupBuilder "point. click. ship"
--Create Windows 8 ready installations in minutes
--Official COMODO Code Signing and SSL Certificate Partner
NewsArchive
04-16-2014, 11:24 AM
Friedrich,

> physical device that has to be plugged into a machine

Just when you thought it was safe to program, the dongle returns!<g>

Just pray MS doesn't try to shove this down our throats as a necessity
as they basically have with current code signing requirements.

--
Lee White

RPM Report Viewer.: http://www.cwaddons.com/products/rpm/
RPM Review........: http://www.clarionmag.com/cmag/v11/v11n06rpm.html
Report Faxing.....: http://www.cwaddons.com/products/afe/
---Enroll Today---: http://CWaddons.com

Creative Reporting: http://www.CreativeReporting.com

Product Release & Update Notices
http://twitter.com/DeveloperPLUS

Windows 8 brings us "The Oval, Bumper Car, Roller Coaster of Wait!"
NewsArchive
04-16-2014, 11:24 AM
Lee,

>> physical device that has to be plugged into a machine
>
> Just when you thought it was safe to program, the dongle returns!<g>

<BG>

> Just pray MS doesn't try to shove this down our throats as a necessity
> as they basically have with current code signing requirements.

I agree 100%. This really is a "rip-off" certificate. $449 per year !!!

https://www.digicert.com/order/order-1.php

Friedrich
NewsArchive
04-16-2014, 11:25 AM
Maybe you could get Comodo to do EV code signing?

Smaller dongle for less money<g>

Jeff Slarve
www.jssoftware.com
www.twitter.com/jslarve
I'll search help files & Google for you.
NewsArchive
04-22-2014, 02:50 AM
You know it's not the size of the dongle that counts.. but how much you pay
for it.

Ray