Brad Brett

asked on

Software Digital Signature

I want to know more about digital signatures: how do digital signature companies sign software code, and how do I start a digital signing company?
jako

Your search terms should be "Class 3 PKI" and probably "steep initial investment", both HR- and HW-wise. ;)
Brad Brett (asker)

@jakopriit: I need more explanation.

Actually, I want to know how can I digitally sign software EXE myself.
ASKER CERTIFIED SOLUTION by Member_2_1239314 (only available to members of Experts Exchange)
@gtkfreak: How can I self-generate a certificate? Also, what commands do I need to use in OpenSSL to sign the code?
m_walker

Have a read of this

http://msdn.microsoft.com/en-us/library/bb530410.aspx#vistauac_topic6h

On that page, go to the section "8. Authenticode Sign Your Application".

@gtkfreak: Thanks! One more thing: how can I build a trusted company that commercially signs code, like VeriSign, Thawte, etc.?
SOLUTION (only available to members of Experts Exchange)
> "this is done via product updates from windows, apple, firefox etc...."

How can I get my certification imported into all browsers in the world via OS updates, Firefox updates, etc.?
SOLUTION (only available to members of Experts Exchange)
@m_walker: I need to know where I can register a CA and become a root-level CA, and where I can prove the things you mentioned.

Thanks,
Difficult but not impossible. You will have to look it up yourself. If you want to sign macros / code just for one computer, you can look around for selfcert.exe to get a self-signed certificate. Note that this will only run on the computer where it was signed.
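The asker's question about OpenSSL commands and the note above about a self-signed certificate only being trusted on the computer where it was installed both come down to the same mechanics, so here is one worked example. It is added here and is not code from the thread or from the MSDN page: it makes a self-signed code-signing certificate with OpenSSL, produces a detached CMS signature over a constructed sample file standing in for the EXE, and then shows verification succeeding against a trust store that contains the signer's certificate, failing against a store that does not, and failing once the signed file is modified. Assumptions: openssl (1.0.2 or newer) is on PATH, all file names are illustrative, and plain CMS is used rather than the Authenticode format, which wraps the same container around a PE-specific hash and is produced by signtool.exe as described on the MSDN page.

```shell
#!/bin/sh
# Added example, not code from the thread: a self-signed code-signing
# certificate made with OpenSSL, a detached CMS signature over a binary, and
# a check that the signature only verifies where the signer's certificate is
# trusted. Assumes openssl (1.0.2 or newer) on PATH; file names are illustrative.
set -eu

WORK="${WORK:-$(mktemp -d)}"   # scratch directory for keys, certs and signatures

# OpenSSL config marking the certificate for code signing only; the
# extendedKeyUsage line is what separates it from a TLS or e-mail certificate.
write_codesign_config() {
  cat > "$WORK/codesign.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_codesign
prompt             = no

[ dn ]
CN = Example Software Publisher

[ v3_codesign ]
basicConstraints = CA:FALSE
keyUsage         = critical, digitalSignature
extendedKeyUsage = codeSigning
EOF
}

# Key pair plus self-signed certificate: the OpenSSL equivalent of selfcert.exe.
make_selfsigned_cert() {
  write_codesign_config
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$WORK/codesign.cnf" \
    -keyout "$WORK/signer.key" -out "$WORK/signer.crt" >/dev/null 2>&1
}

# Detached CMS (PKCS#7) signature in DER. Authenticode wraps the same container
# around a PE-specific hash; signtool.exe does that part, plain CMS is shown here.
sign_file() {  # $1 = file to sign, $2 = signature output
  openssl cms -sign -binary -md sha256 \
    -signer "$WORK/signer.crt" -inkey "$WORK/signer.key" \
    -in "$1" -outform DER -out "$2"
}

# Verify a detached signature against a trust store (PEM bundle). Exit status
# is 0 only if the chain ends in that store and the content is unmodified.
# -purpose any: cms -verify otherwise insists on an S/MIME-capable certificate.
verify_file() {  # $1 = file, $2 = signature, $3 = trust store
  openssl cms -verify -binary -inform DER -purpose any \
    -in "$2" -content "$1" -CAfile "$3" -out /dev/null >/dev/null 2>&1
}

# The scenario from the thread. Returns 0 only if every outcome matches the
# chain-of-trust expectation; prints one line per check.
demo() {
  make_selfsigned_cert
  printf 'constructed sample binary\n' > "$WORK/app.bin"   # stand-in for the EXE
  sign_file "$WORK/app.bin" "$WORK/app.sig"

  # a) A machine that has imported our self-signed certificate accepts it.
  verify_file "$WORK/app.bin" "$WORK/app.sig" "$WORK/signer.crt" || return 1
  echo "trusted store: signature OK"

  # b) Every other machine (a store without our certificate) rejects it. This
  #    is why a self-signed certificate only "works" where it was installed.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$WORK/codesign.cnf" -subj "/CN=Unrelated Root" \
    -keyout "$WORK/other.key" -out "$WORK/other.crt" >/dev/null 2>&1
  if verify_file "$WORK/app.bin" "$WORK/app.sig" "$WORK/other.crt"; then return 1; fi
  echo "foreign store: rejected (untrusted signer)"

  # c) A modified binary fails even on the trusting machine.
  printf 'tampered\n' >> "$WORK/app.bin"
  if verify_file "$WORK/app.bin" "$WORK/app.sig" "$WORK/signer.crt"; then return 1; fi
  echo "tampered binary: rejected (digest mismatch)"
}

demo
```

Run it as a plain `sh` script; set WORK to an existing directory if you want to keep the generated key, certificate and signature for inspection (the script does not delete them). Case (b) is the whole chain-of-trust argument from this thread in one command: nothing about the signature changed, only the trust store of the verifying machine, and that alone decides the outcome.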
@gtkfreak: I have already done self-signed certification; however, I am not sure whether I need to contact Microsoft, Firefox and all the web browser companies to ask them to publish the certification with their updates and make it trusted worldwide.
Your little enterprise WILL NOT be accepted as root level CA unless it _strictly_ adheres to rules and regulations set. And to do that you need steep initial investments (the first post). Business continuity is a major concern. Utmost data security - you need to guard your root private keys better than your life. You need to set up comprehensive verification procedures for applicants. Etc, etc.
In short, forget about being a CA. It is expensive and, per the others' comments, this is something you must not just roll yourself. The whole concept is built around a chain of trust where the most trusted is at the root. In short, what you offer is the equivalent of saying "I am me because I say I am me". Not worth much in the security world.
If you are serious about signing your code so it is trusted, do some research about buying a CODE signing certificate from a well-known CA.
@TomasP: No! I could do CA business later on; that's why I posted that question.

Its being expensive doesn't mean it's impossible. I don't want frustration, please. If anyone knows what to do, step by step, to become a root CA, no matter how much time or money it will take, etc., please post.
SOLUTION (only available to members of Experts Exchange)
@TomasP: OK, that's great, what's the difference between normal certificate and extended validation certificate?
No difference in cryptography, but the CA undergoes a more stringent background check/interview and, once passed and after a deeper audit, can offer certs marked as extended, i.e. more trustworthy.
@TomasP: I still don't understand the difference between a normal certificate and an extended validation certificate. Technically, how does the browser recognize that this is a normal certificate or this is an extended validation certificate?
SOLUTION (only available to members of Experts Exchange)