Standard and new EV Code-Signing Certificates

[NewsArchive]

All,

as you probably know, SetupBuilder 2019 supports both Standard Code-Signing
and Extended Validation (EV) Code Signing.

"Comodo EV Code Signing gives you the tools to have your software trusted
across all browsers. The place you'll see the most gains is with Microsoft
users behind the SmartScreen filter. EV Code Signing established instant
application reputation with SmartScreen, effectively killing those
download-killing browser warnings and paving the way for more
conversions-more money. EV Code Signing also comes with an added layer of
security. To prevent unauthorized access to your private key, it is stored
on an external hardware token. The Extended Validation process is easy to
navigate and can be completed quickly. And the benefits are undeniable."

If you're looking for a "Standard" or "EV" Code-Signing certificate, why not
save some money and make use of the "SetupBuilder Deal".

http://www.lindersoft.com/order_codesigning.htm

- Comodo Standard Code Signing
1-Year : $79
2-Years : $143
3-Years : $200

- Comodo Extended Validation (EV) Code Signing
1-Year EV : $279
2-Years EV : $489
3-Years EV : $628

Note: since the private key is stored on the hardware token, for security it
cannot be copied or exported to create a PFX file.

--
Friedrich Linder
Lindersoft | SetupBuilder | www.lindersoft.com
Voice: +1.954.537.3701 | Fax: +1.954.537.3702

--SetupBuilder "point. click. ship"
--Helping You Build Better Installations
--Create Windows 10 ready installations in minutes
--Official COMODO Code Signing and SSL Certificate Partner

[NewsArchive]

Two interesting "reputation building" threads (for "Standard" Code-Signing
Certificates)

http://www.lindersoft.com/forums/sho...0067#post90067

http://www.lindersoft.com/forums/sho...hots-attached)

Friedrich

[NewsArchive]

Hi Friedrich,

> ......To prevent unauthorized access to your private key, it is stored
> on an external hardware token......
What does that mean?
Sounds almost like we're back to dongles again.

Graham

[NewsArchive]

Smart Card Tokens, according to this 3rd party vendor.

Although it sounds inconvenient, I can see how this would be a good
thing.

https://comodosslstore.com/code-sign...ng-certificate

Jeff Slarve
www.jssoftware.com

Ones and Zeros are my Heroes

[NewsArchive]

Hi Jeff,

Seems the Safe-NET token comes on USB

https://support.globalsign.com/custo...ng-certificate

Graham

[NewsArchive]

And unlike other certificates, in this case Comodo has a copy of your
private key (since they're writing it onto the device that they mail
to you.)

With a regular certificate, the private key stays on your computer and
never gets sent to them.

jf

[NewsArchive]

Hi Graham,

>> ......To prevent unauthorized access to your private key, it is stored
>> on an external hardware token......
>
> What does that mean?
> Sounds almost like we're back to dongles again.

Ohhh yes :-( USB dongle...

Friedrich

[NewsArchive]

Hi Jeff,

> Smart Card Tokens, according to this 3rd party vendor.
>
> Although it sounds inconvenient, I can see how this would be a good
> thing.

But the moment you hook it up to the computer it's fair game for
hackers. Just putting the stuff on a card doesn't make it any more
secure.

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC

[NewsArchive]

On 2.4.2019 4.08, Arnor Baldvinsson wrote:

> But the moment you hook it up to the computer it's fair game for
> hackers. Just putting the stuff on a card doesn't make it any more secure.

Once the EV certificate private key is installed on the USB security
token, it cannot be extracted or copied from the device, since it is
stored securely in a tamper-proof memory area on the device (write-only
/ write-once in that sense). Signature operations are completed on the
device itself with a certificate password used to unlock the private
key, so the token must be plugged in for the certificate to be available
for operations.

So hackers can't copy your certificate and they would need to physically
steal the token to use it.

Cheers,
--
Timo

[NewsArchive]

Hi Timo,

> Once the EV certificate private key is installed on the USB security
> token, it cannot be extracted or copied from the device, since it is

Somehow it must be read from the stick.

> So hackers can't copy your certificate and they would need to physically
> steal the token to use it.

Those things can be duplicated. Seen it done. Disappearing a USB stick
isnt's much of a challenge - I manage that all by myself it seems!<bg>

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC