12 common problems of code signature and driver signature

Time:2021-10-23

What is a code signing certificate?

Code signing certificateCode signing certificates is a certification service that provides code software digital signatures for software developers.
The code signature certificate can identify the source of the software and the true identity of the software developer through the digital signature of the code, so that your customers can trust and download the software you developed. At the same time, the value of the certificate is also reflected in proving that the code has not been maliciously tampered with, ensuring the credibility and effectiveness of the code, so as to establish a good software brand reputation.
12 common problems of code signature and driver signature

What is the difference between a code signing certificate and an SSL certificate?

Code signing certificate is a solution for software developers. Its purpose is to enable software developers to digitally sign their software code and improve the security of software.

SSL certificate has the functions of server authentication and data transmission encryption. Its service objects are various types of websites or applets. Its purpose is to establish an SSL secure channel between the client browser and the web server to protect the encryption of transmitted data and prevent tampering.

Is the validity period of the code signature certificate and the SSL certificate both 1 year?

no According to the latest Ca / B policy, the SSL certificate is valid for 1 year from September 1, 2020; The maximum validity period of the code signature certificate is still 3 years. Therefore, you can still order a 3-year code signing certificate if you need it.

Does the code signing certificate also support 2048 bit key length?

I won’t support it. According to the notice issued by Ca / B in 2021, the minimum key length of code signature certificate will be increased from 2048 bits to 3072 bits from June 1, 2021. At present, the code signing certificates issued by major CAS no longer support the key length of 2048 bits.

What is the difference between no code signature and code signature?

Taking Microsoft code signature as an example, when users download, install and run software or programs without code signature on Windows system, they will be blocked by the system and prompt the user with the security warning of “unknown publisher”.

If the EV code signature certificate is used, the developer name will be displayed during download, installation and operation to let users know the legitimacy of the software, and can immediately obtain the reputation of Microsoft smartscreen and eliminate the pop-up prompt of smartscreen. As shown in the figure:

12 common problems of code signature and driver signature

Can the EV code signing certificate support Microsoft driver signing?

Since the cross certificates of digicert, trust, sectigo (Comodo), Thawte, etc. trusted by Microsoft have all expired on April 15, 2021, the current third-party EV code signature certificate does not support Microsoft driver signature. If you need to digitally sign the driver, you need to apply for an EV code signature certificate, create a Microsoft logo authentication account, and then apply for Microsoft’sWHQL logo certification
12 common problems of code signature and driver signature
The process of applying for WHQL signature authentication is complex. If you need help, please contact Ruicheng technical team.

Can the software with code signature certificate be recognized by anti-virus software?

The code signature certificate is mainly used to prove the identity of the software developer and verify the integrity of the software code. It cannot ensure that the signed software can be recognized by the anti-virus software. If you need to obtain the approval of the anti-virus software, you can add your software to the trust list (white list strategy) of the anti-virus software. The audited software program will not be intercepted and the security warning to the program is eliminated.

What is a timestamp?

The timestamp is the time when the digital signature was created. Because all code signing certificates expire, any software that verifies a digital signature must know whether the signature was created before or after the certificate expires. If you use a timestamp, your previous digital signature will not expire even if your certificate has expired. Timestamp helps to allow the operating system to check the validity of the signature after the code signing certificate expires according to the signing time rather than the current time of software execution.

Can a code signing certificate sign any software?

Code signature is an effective mechanism to ensure the security and credibility of the software release environment. It is strictly prohibited for any user to use code signature certificate to digitally sign spyware, rogue software and hacker software. Otherwise, once reported and verified, CA has the right to revoke the certificate immediately.

Who can get a code signing certificate?

Code signing certificates are only issued to legitimate enterprises. Because the code signature certificate is an authentication product, the “publisher” needs to be a legally registered enterprise, so you can apply for a code signature certificate. Different brands of code signature certificates have different requirements on the registration time of the applicant enterprises. For example, section requires the enterprise to register for at least 3 months, and Ca such as digicert requires the registration time to be longer.

Can the code signature certificate be tried for free?

may not. Because every enterprise applying for a code signature certificate must undergo strict authentication, it does not support free trial. However, if you have any questions after purchase, Ruicheng information supports the 30 day unconditional refund guarantee of standard code signature certificate.

What if my private key is lost or damaged?

If the private key is lost or damaged, or your information changes, you should immediately contact the CA or certificate service provider to request revocation of the code signing certificate, and then apply for a new code signing certificate to replace it.
The above are common questions about code signature and driver signature. If you have other questions about the code signature certificate, please leave a message.