I've been assigned the task of buying a digital certificate for my company to sign our code. We develop applications in the Microsoft space - mostly WPF or web-based.
I've investigated options and found Comodo to be well priced and responsive, and we're ready to go ahead and purchase a cert through them. However, in the signup form there are various private key options that I'm not too sure about, namely:
CSP
Key Size
Exportable?
User Protected?
Just wondering what all of this means, and what the best options are for our requirements? Any advice/suggestions would be appreciated.
Thanks heaps, Greg
So no, you cannot use an SSL Certificate to sign scripts and executables and you cannot secure your website's connections with a Code Signing certificate.
Self-signed code signing certificates must be used for testing only, here's why… While you technically can self-sign a Code Signing certificate, a self-signed code signing certificate won't work for its intended purpose.
If you're comparing code signing certificates vs SSL certificates, here's the basic difference: SSL Certificates are for websites to enable HTTPS URLs. Code Signing is for applying a digital signature to software and code to avoid security warnings when installing it.
All certificates issued before June 1, 2021 will remain valid until they expire. To request a code signing certificate or a Windows driver signing certificate, you have to provide us a certificate signing request (CSR) generated by the machine you use to sign the code.
For "most purposes" the following options are recommended:
To be honest, I'm not familiar with the different CSPs, but the Base does the job every time for me.
Key Size makes the keys harder to crack, but more than 2048 bits for a short to medium term key (3-5 years) is ample (IMHO).
Exportable lets you export the private key/certificate pair - essential for backing it up!
User Protected means that you must enter a password every time that you want to use the cert - highly recommended to prevent accidental or malicious signing of code with your certificate.
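The four options from the question (CSP, Key Size, Exportable, User Protected) correspond to settings in a Windows `certreq` request file. The following is an added example, not part of the original posts; the subject name, file names and the provider chosen are assumptions.

```ini
; codesign.inf - constructed example request file for certreq
[Version]
Signature = "$Windows NT$"

[NewRequest]
; Placeholder subject; use the legal name the CA will validate.
Subject = "CN=Example Co, O=Example Co"
RequestType = PKCS10

; CSP: the provider that generates and stores the private key.
; Assumption: a software provider that supports SHA-256 signatures.
ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider"
ProviderType = 24

; Key Size: RSA modulus length in bits.
KeyLength = 2048

; Exportable: TRUE allows the key pair to be exported to a
; password-protected PFX for backup. Anyone who can read that
; PFX and knows its password can sign as you, so store it offline.
Exportable = TRUE

; User Protected: Windows prompts the user each time the key is
; used. This needs a user-context key, so MachineKeySet stays FALSE.
UserProtected = TRUE
MachineKeySet = FALSE

; AT_SIGNATURE key, used for digital signatures only.
KeySpec = 2
KeyUsage = 0x80
HashAlgorithm = SHA256

[EnhancedKeyUsageExtension]
; Code Signing EKU
OID = 1.3.6.1.5.5.7.3.3
```

Running `certreq -new codesign.inf codesign.csr` on the signing machine generates the key pair locally and writes the CSR to submit to the CA. The private key stays in that user's key store on that machine.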