Standard and new EV Code-Signing Certificates
All,
as you probably know, SetupBuilder 2019 supports both Standard Code-Signing
and Extended Validation (EV) Code Signing.
"Comodo EV Code Signing gives you the tools to have your software trusted
across all browsers. The place you'll see the most gains is with Microsoft
users behind the SmartScreen filter. EV Code Signing established instant
application reputation with SmartScreen, effectively killing those
download-killing browser warnings and paving the way for more
conversions-more money. EV Code Signing also comes with an added layer of
security. To prevent unauthorized access to your private key, it is stored
on an external hardware token. The Extended Validation process is easy to
navigate and can be completed quickly. And the benefits are undeniable."
If you're looking for a "Standard" or "EV" Code-Signing certificate, why not
save some money and make use of the "SetupBuilder Deal".
http://www.lindersoft.com/order_codesigning.htm
- Comodo Standard Code Signing
1-Year : $79
2-Years : $143
3-Years : $200
- Comodo Extended Validation (EV) Code Signing
1-Year EV : $279
2-Years EV : $489
3-Years EV : $628
Note: since the private key is stored on the hardware token, for security it
cannot be copied or exported to create a PFX file.
--
Friedrich Linder
Lindersoft | SetupBuilder | www.lindersoft.com
Voice: +1.954.537.3701 | Fax: +1.954.537.3702
--SetupBuilder "point. click. ship"
--Helping You Build Better Installations
--Create Windows 10 ready installations in minutes
--Official COMODO Code Signing and SSL Certificate Partner
Re: Standard and new EV Code-Signing Certificates
Re: Standard and new EV Code-Signing Certificates
Hi Friedrich,
> ......To prevent unauthorized access to your private key, it is stored
> on an external hardware token......
What does that mean?
Sounds almost like we're back to dongles again.
Graham
Re: Standard and new EV Code-Signing Certificates
Smart Card Tokens, according to this 3rd party vendor.
Although it sounds inconvenient, I can see how this would be a good
thing.
https://comodosslstore.com/code-sign...ng-certificate
Jeff Slarve
www.jssoftware.com
Ones and Zeros are my Heroes
Re: Standard and new EV Code-Signing Certificates
Hi Jeff,
Seems the Safe-NET token comes on USB
https://support.globalsign.com/custo...ng-certificate
Graham
Re: Standard and new EV Code-Signing Certificates
And unlike other certificates, in this case Comodo has a copy of your
private key (since they're writing it onto the device that they mail
to you.)
With a regular certificate, the private key stays on your computer and
never gets sent to them.
jf
Re: Standard and new EV Code-Signing Certificates
Hi Graham,
>> ......To prevent unauthorized access to your private key, it is stored
>> on an external hardware token......
>
> What does that mean?
> Sounds almost like we're back to dongles again.
Ohhh yes :-( USB dongle...
Friedrich
Re: Standard and new EV Code-Signing Certificates
Hi Jeff,
> Smart Card Tokens, according to this 3rd party vendor.
>
> Although it sounds inconvenient, I can see how this would be a good
> thing.
But the moment you hook it up to the computer it's fair game for
hackers. Just putting the stuff on a card doesn't make it any more
secure.
Best regards,
--
Arnor Baldvinsson
Icetips Alta LLC
Re: Standard and new EV Code-Signing Certificates
On 2.4.2019 4.08, Arnor Baldvinsson wrote:
> But the moment you hook it up to the computer it's fair game for
> hackers. Just putting the stuff on a card doesn't make it any more secure.
Once the EV certificate private key is installed on the USB security
token, it cannot be extracted or copied from the device, since it is
stored securely in a tamper-proof memory area on the device (write-only
/ write-once in that sense). Signature operations are completed on the
device itself with a certificate password used to unlock the private
key, so the token must be plugged in for the certificate to be available
for operations.
So hackers can't copy your certificate and they would need to physically
steal the token to use it.
Cheers,
--
Timo
Re: Standard and new EV Code-Signing Certificates
Hi Timo,
> Once the EV certificate private key is installed on the USB security
> token, it cannot be extracted or copied from the device, since it is
Somehow it must be read from the stick.
> So hackers can't copy your certificate and they would need to physically
> steal the token to use it.
Those things can be duplicated. Seen it done. Disappearing a USB stick
isnt's much of a challenge - I manage that all by myself it seems!<bg>
Best regards,
--
Arnor Baldvinsson
Icetips Alta LLC