Extended Validation (EV) Code Signing Certificate
Code Signing certificates allow software developers to digitally sign their code to prove it has not been modified by a third party. This lets end-users know they are downloading genuine software and not a corrupted version that has been altered or compromised. EV code signing certificates include all the benefits of regular code signing and introduce essential security features to increase security and improve customer trust.
- Rigorous Vetting Process – EV Code Signing certificates are issued after verifying the identity of the publisher to the robust specifications laid out by the CA/Browser forum and Microsoft
- Two Factor Authentication – Private keys are stored on an external hardware token which is required in order to sign code, eliminating the possibility that your certificate could be exported and used by unauthorized personnel
Browsers and operating systems display warnings messages to end-users when they encounter unsigned code. EV code signing certificates eliminate these messages and immediately build file reputation in Microsoft's SmartScreen Application Reputation filter.
Extended Validation Code Signing certificates – Features and Benefits
- Extended Validation of software publisher as per CA/Browser Forum standards and Microsoft specifications
- Instantly establishes reputation in Microsoft’s SmartScreen Application Reputation filter in Windows 8/8.1/10 and Internet Explorer/Edge.
- Requirement of physical token to sign code prevents certificate abuse and further improves trust
- Supports all major 32bit/64bit formats, including Microsoft Authenticode ( user mode files (.exe, .cab, .dll, .ocx, .msi, .xpi, and .xap) and kernel-mode software), Adobe Air, Apple applications and plug-ins, Java, MS Office Macro and VBA, Mozilla object files and Microsoft Silverlight applications
What's the difference between EV Code Signing and regular Code Signing?
|EV Code Signing||Code Signing|
|In-depth verification of publisher according to CA/Brower forum guidelines||Standard vetting of publisher|
|Signing requires private key stored on encrypted hardware token||Private key stored locally in developers workstation|
|Trusted by all major browsers and operating systems and establishes trust in Microsoft SmartScreen filter||Trusted by all major browsers and operating systems|
How does Authenticode work with Comodo Digital Ids?
Microsoft Authenticode relies on industry standard cryptography techniques such as X.509 v3 certificates and PKCS #7 and #10 signature standards. These are proven cryptography protocols, which ensure a robust implementation of code signing technology.
A certificate for Microsoft Authenticode uses a digital signature to assure users of the origin and integrity of software. In a digital signature, the private key generates the signature, and the corresponding public key validates it. To save time, the Authenticode protocols use a cryptographic digest, which is a one-way hash of the document.