Brad Brett
asked on
Software Digital Signature
I want to know more about digital signatures: how digital signature companies sign software code, and how to start a digital signing business company.
Your search terms should be "Class 3 PKI" and probably "steep initial investment" both HR and HW-wise.. ;)
ASKER
@jakopriit: I need more explanation.
Actually, I want to know how I can digitally sign a software EXE myself.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@gtkfreak: How can I self-generate a certificate? Also, what commands do I need to use in OpenSSL to sign the code?
Have a read of this
http://msdn.microsoft.com/en-us/library/bb530410.aspx#vistauac_topic6h
On that page, go to section "8. Authenticode Sign Your Application"
See this link http://www.top20toolbar.com/misc/codesigncert.htm
ASKER
@gtkfreak: Thanks! One more thing: how can I build a trusted company to commercially sign code like VeriSign, Thawte, etc.?
SOLUTION
ASKER
> "this is down via product updates from windows, apple, firefox etc...."
How can I make my certification imported on all browsers in the world by OS updates, firefox updates, etc...?
SOLUTION
ASKER
@m_walker: I need to know from where can I register CA and become root level CA, where can I prove the things you mentioned?
Thanks,
Difficult but not impossible. You will have to look it up yourself. If you want to sign macros / code just for one computer, you can look around for selfcert.exe to get a self signed certificate. Note that this will only run on the computer where it was signed.
ASKER
@gtkfreak: I have already done self-signed certification; however, I am not sure if I need to contact Microsoft, Firefox and all the web browser companies to ask them to publish the certification with their updates and make it worldwide trusted.
Your little enterprise WILL NOT be accepted as root level CA unless it _strictly_ adheres to rules and regulations set. And to do that you need steep initial investments (the first post). Business continuity is a major concern. Utmost data security - you need to guard your root private keys better than your life. You need to set up comprehensive verification procedures for applicants. Etc, etc.
In short, forget about being a CA. It is expensive and, per the others' comments, this is something you must not just roll yourself. The whole concept is built around a chain of trust where the most trusted is at the root. In short, what you offer is the equivalent of saying "I am me because I say I am me". Not worth much in the security world.
If you are serious about signing your code so it is trusted, do some research about buying a CODE signing certificate from a well-known CA.
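The point made in the replies above about self-signed certificates, as an added example that is not part of the original thread: a signature made with a self-generated key verifies mathematically, but the certificate validates only where it has itself been installed as trusted. It assumes the openssl CLI is installed; all names and file contents are constructed, and the detached signature stands in for Authenticode signing of an EXE.

```shell
#!/bin/sh
# Added example. All names, subjects and file contents are constructed.
# Assumes the openssl CLI is installed. This makes a plain detached
# signature, not an Authenticode signature embedded in an EXE.
selfsigned_trust_demo() {
    d=$(mktemp -d) || return 1

    # Self-generate a key and a self-signed certificate (issuer == subject).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Dev" \
        -keyout "$d/dev.key" -out "$d/dev.crt" 2>/dev/null || return 1

    # An unrelated root, standing in for the trust store on another machine.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Some Other Root" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1

    # Sign a stand-in "program" and verify with the key from the certificate.
    printf 'constructed stand-in for program bytes\n' > "$d/app.bin"
    openssl dgst -sha256 -sign "$d/dev.key" -out "$d/app.sig" "$d/app.bin" || return 1
    openssl x509 -in "$d/dev.crt" -pubkey -noout > "$d/dev.pub" || return 1
    if openssl dgst -sha256 -verify "$d/dev.pub" -signature "$d/app.sig" \
        "$d/app.bin" >/dev/null 2>&1; then sig=valid; else sig=invalid; fi

    # Does the certificate chain to a root that the other machine trusts?
    if openssl verify -CAfile "$d/root.crt" "$d/dev.crt" >/dev/null 2>&1
    then elsewhere=yes; else elsewhere=no; fi

    # It validates only where the certificate itself was installed as trusted.
    if openssl verify -CAfile "$d/dev.crt" "$d/dev.crt" >/dev/null 2>&1
    then locally=yes; else locally=no; fi

    rm -rf "$d"
    echo "signature=$sig trusted_elsewhere=$elsewhere trusted_locally=$locally"
}

selfsigned_trust_demo
```

The signature check passes in both settings; what differs between machines is only whether the signer's certificate chains to something in the local trust store.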
ASKER
@TomasP: No! I could do CA business later on, that's why I posted that question.
That it's expensive doesn't mean it's impossible. I don't want frustration, please. If anyone knows what to do, in steps, to become a CA root, no matter how much time it will take or how much money, etc., please post.
SOLUTION
ASKER
@TomasP: OK, that's great, what's the difference between normal certificate and extended validation certificate?
No difference in cryptography, but the CA undergoes a more stringent background check/interview and, once it has passed and undergone a deeper audit, can offer certs marked as extended... more trustworthy.
ASKER
@TomasP: I still don't understand the difference between a normal certificate and an extended validation certificate. Technically, how does the browser recognize that this is a normal certificate or an extended validation certificate?
SOLUTION