Open Source Code Signing

The certificate confirming the identity of an author working under the Open Source license.

Code Signing certificates enable software developers to digitally sign the original code and recipients to verify data integrity. They eliminate the anonymity of applications published on the Internet by including the author's name. They guarantee that the software has not been modified by unauthorized persons or viruses from the time of its signing by the software developer.

The Open Source Code Signing certificate is meant for software developers and publishers who work under the Open Source licence.

  • Simplified authentication of the ordering party (minimum formalities, immediate issue)
  • Compliance with WebTrust℠/™
  • Issued by CERTUM, whose root certificate is automatically recognized as trustworthy by all popular web browsers and Microsoft products
  • Standard (24-hour) period for issuance of the certificate after successful data authentication
  • Secured by the SHA-2 function
  • Protection of intellectual property and brands of software publishers
  • Types of supported files: .docm, .xlsm, .pptm, .xpi, .jar, .war, .ear, .exe, .dll, .ocx, .cab, .msi
  • Confirmation of responsibility for the certification process
  • Free revocation and exchange
  • Possible to store the certificate on a cryptographic smart card
  • Free time stamp
  • OCSP – Online Certificate Status Protocol
  • Internal and external signatures can be created
  • Examples of tools that may be used for signing: MS Office 2000+, ToolSign.sh and OpenSSL for UNIX/Linux, Firefox, Key Manager, Jarsigner and verifier from Java JDK 1.5+, SignTool, SignCode, Visual Studio Express
  • Certificate status verification service available by using the certificate revocation list (CRL) and the Online Certificate Status Protocol (OCSP)
  • Validity period: 1 year
  • Technical support 24h

A commercial version of the certificate is also available – Standard Code Signing certificate – intended for digital code signing for the majority of the available operating systems.

Certificate verification - minimum formalities

The procedure for obtaining the Open Source Code Signing certificate is simple. No fees for the trial version.


Encryption strength

Recommended key length 2048 – 4096. Minimum encryption key length: RSA/DSA 2048 bit, EC 571 bit: sect571k1 (NIST K-571) and sect571r1 (NIST B-571).

The benefits of Open Source Code Signing are the following:

The certificate confirms the identity of the application author or software publisher. It protects against code modifications - you gain security and your clients' trust.


In particular, recommended for protecting:
  • programs on UNIX/Linux platforms
  • VBA macros
  • Apple applications (from OS X)
  • Firefox and Netscape add-ons
  • Adobe AIR
  • Java applets
  • Internet applications based on Java technology
  • ActiveX components and controls
  • binary files in Visual Studio
Open Source Code Signing – increased level of customer trust
Verification of a private individual applying for the certificate on their own behalf:
  • copy of an identity document of the person placing the order (personal ID card, passport, driving licence, permanent residence card)
  • one of the following documents:
    • payment by a credit card or from a bank account of the subscriber (details on the payment confirmation have to match those on the ID document)
    • notarial identity confirmation (original if the details on the payment confirmation do not match those on the ID or if payment is made in cash), or
    • an additional identity document (personal ID card, passport, driving licence, permanent residence card - different from the one sent originally) together with a bill which includes the subscriber’s address (water, gas, electricity, rent), or
    • identity confirmation at a Registration Point or Identity Confirmation Point, or
    • copy of an ID document signed using a qualified certificate,
  • internet address of the project
Verification of a person representing the organisation:
  • copy of an identity document (personal ID card, passport, driving licence, permanent residence card)
  • one of the following documents:
    • notarial identity confirmation (original) or
    • an additional identity document (personal ID card, passport, driving licence, permanent residence card - different from the one sent originally) together with a bill which includes the subscriber’s address (water, gas, electricity, rent), or
    • identity confirmation at a Registration Point or Identity Confirmation Point, or
    • copy of an ID document signed using a qualified certificate,
  • internet address of the project
  • proof of payment for the Code Signing certificate made from a bank account or a credit card which belongs to the organisation
  • company registration documents
  • employment certificate, power of attorney or authority confirming connection of the person submitting the order with the organisation.

ATTENTION: If the person placing the order is not the subscriber - then the identity of both needs to be confirmed.

Important:
  • The project has to be publicly accessible and unambiguously connected with the subscriber. If CERTUM is not able to identify the project on the basis of generally available information, the certification application will be rejected.
Certificate technical requirements:
  • an internet browser which supports X.509 v.3 certificates (e.g. Internet Explorer, Opera, Firefox), MS Windows 2000, XP, Vista (32 bit), Windows 7 (32 bit), Linux/UNIX, Java JDK 1.5+.
Technical requirements for signing code or files:
  • Office 2000 or newer package / Visual Basic - for signing macros and Office objects; ToolSign.sh and OpenSSL script in the most up-to-date stable version available for UNIX/Linux; Firefox or Netscape and a tool for signing add-ons dedicated to the given browser; KeyTool and Jarsigner included with Java JDK 1.1+; SignTool, SignCode - for older Windows, Visual Studio Express versions.
Significance of trust verification

Open Source Code Signing stands for secure communication. The certificate is a guarantee for your customers and partners that the software or files sent by you have not been tampered with by any third parties.

Using the Open Source Code Signing certificate attests to the fact that you care for data security.

The benefits of Open Source Code Signing are the following:
  • gaining your partners' trust (no warnings about "unknown publisher" and "dangerous software")
  • application security guarantee - protection against modifications made by third parties, and against infection with viruses, Trojans, etc.
  • protection of intellectual property and brands of software publishers
  • protection of the company's image and brands
CERTUM reliability

CERTUM - General Certification Authority - guarantees the highest level of the offered certificates. We are the leader in the field of Internet security and the only Polish certification authority that provides services in compliance with the international standard WebTrust℠/™. For over 10 years we have provided our clients with reliable and proven solutions which confirm their trustworthiness on the Internet.

24h technical support

We protect our clients' safety and peace of mind 24 hours a day, seven days a week. You may contact our consultants at any time of the day or night. Just call the hotline or contact us via on-line chat. No question shall remain unanswered.

A few words on CERTUM encryption

The encryption procedure allows the protection of information during on-line transmission and connections. The Public Key Infrastructure used by CERTUM is an original solution, created in cooperation with research personnel of the West Pomeranian University of Technology and independent encryption experts. The ID certificates issued by CERTUM allow the use of encryption strength of the recommended key length: 2048/4096.