Standard Code Signing Certificates

Advantages of Standard Code Signing Certificates

Standard Code Signing Certificate Delivery Methods

Beginning June 1st, 2023, it is necessary to comply with the new guidelines established by the Certificate Authority/Browser Forum for the issuance of Code Signing Certificates. These guidelines require the use of secure hardware storage devices, such as Hardware Security Modules (HSMs), Hardware storage tokens, or Trusted Platform Modules (TPMs), that meet the highest security standards like FIPS 140 Level 2, Common Criteria EAL 4+, or their equivalents, for generating, storing, and utilizing private keys.

To comply with the updated guidelines set by the Certificate Authority/Browser Forum, it is recommended to utilize USB Token for storing cryptographic keys. You can use our flexible and dependable solutions for secure key storage. These solutions are designed to seamlessly integrate into your existing workflows and offer peace of mind while maintaining efficiency.

Delivery Method 1: Get a USB Token Delivered to Your Door

We provide convenient shipping choices for both local and global locations, ensuring that the USB token reaches your doorstep with ease. Our pricing options are varied, allowing you to select the most suitable one based on your specific needs.

Token + US Delivery: For a cost-effective fee of $80.00, have the USB token securely shipped to any location within the United States.

Token + International Delivery: Developers located outside the United States can take advantage of international delivery for $110.00.

Token + Expedited US Delivery: If you require the USB token urgently within the United States, opt for expedited delivery at $120.00 to receive it promptly. Minimize potential delays and seamlessly integrate the USB token into your workflow.

Delivery Method 2: Utilize Your Own Hardware Security Module

If you already possess a certified Hardware Security Module (HSM) or USB token, leverage its capabilities for secure key storage. Ensure that your device meets the stringent security standards of at least FIPS 140-2 Level 2 or Common Criteria EAL 4+ to ensure optimal protection.

Delivery Method 3: Keep Your Private Key Safe in the Cloud

You can simplify your code signing processes using the cloud-based key storage solution without compromising security. Take advantage of the secure cloud environment equipped with Hardware Security Module (HSM) capabilities and centralize your private key storage, making it easily accessible for your distributed development teams.

How Does Standard Code Signing Certificate Work?

First, the developer or software publisher generates a public and private key pair using a key certificate signing request generation tool. The private key is kept secret, while the public key is included in the code signing certificate.

Next, the developer or software publisher submits a certificate signing request (CSR) to a trusted certificate authority (CA) that verifies their identity and the authenticity of the code. The CA then issues a code signing certificate, which contains the public key and other information about the software and its publisher.

Once the certificate is obtained, the developer or software publisher uses it to sign their code or software. This involves creating a digital signature using the private key that can be verified using the public key in the code signing certificate. This signature is added to the code or software to create a digital hash, which is a unique identifier of the software.

When the user downloads or installs the software, their computer checks the digital signature against the public key in the code signing certificate to ensure that the software has not been tampered with and that it is from a trusted source. If the signature matches, the software is considered authentic and can be installed without any warnings or errors. If the signature does not match, the user is warned that the software may be potentially unsafe and should not be installed.