Open Source Code Signing
The certificate confirming the identity of an author working under the Open Source license.
Code Signing certificates enable software developers to digitally sign the original code and recipients to verify data integrity. They eliminate the anonymity of applications published on the Internet by including the author’s name. They guarantee that the software has not been modified by unauthorized persons or viruses from the time of its signing by the software developer.
The Open Source Code Signing certificate is meant for software developers and publishers who work under the Open Source licence.
- Simplified authentication of the ordering party (minimum formalities, immediate issue)
- Compliance with WebTrust℠/™
- Issued by CERTUM, whose root certificate is automatically recognized as trustworthy by all popular web browsers and Microsoft products
- Standard (24-hour) period for issuance of the certificate after successful data authentication
- Secured by the SHA-2 function
- Protection of intellectual property and brands of software publishers
- Types of supported files: .docm, .xlsm, .pptm, .xpi, .jar, .war, .ear, .exe, .dll, .ocx, .cab, .msi.
- Confirmation of responsibility for the certification process
- Free revocation and exchange
- Possible to store the certificate on a cryptographic smart card
- Free time stamp
- OCSP – Online Certificate Status Protocol
- Internal and external signatures can be created
- Examples of tools that may be used for signing: MS Office 2000+, ToolSign.sh and OpenSSL for UNIX/Linux, Firefox, Key Manager, Jarsigner and verifier from Java JDK 1.5+, SignTool, SignCode, Visual Studio Express
- Certificate status verification service available by using the certificate revocation list (CRL) and the Online Certificate Status Protocol (OCSP)
- Validity period: 1 year
- Technical support 24h
Certificate verification – minimum formalities
The procedure for obtaining the Open Source Code Signing certificate is simple. No fees for the trial version.
Recommended key length 2048 – 4096. Minimum encryption key length: RSA/DSA 2048 bit, EC 571 bit: sect571k1 (NIST K-571) and sect571r1 (NIST B-571).
The benefits of Open Source Code Signing are the following:
The certificate confirms the identity of the application author or software publisher. It protects against code modifications – you gain security and your clients’ trust.
In particular, recommended for protecting:
- programs on UNIX/Linux platforms
- VBA macros
- Apple applications (from OS X)
- Firefox and Netscape add-ons
- Adobe AIR
- Java applets
- Internet applications based on JAVA technology
- ActiveX components and controls
- binary files in Visual Studio
Open Source Code Signing Certificates are issued only to natural persons!
Note for the Clients who in the Open Source Code Signing certificate request chose the ‘Telephone Verification’ option:
We wish to inform you that since 13.03.2017 this option is no longer available for this type of certificate; therefore, please send us the following documents.
To verify the Subscriber’s identity CERTUM requires the submission of the following documents.
- identity document (ID card, passport, residency card, driver’s license) – in Latin characters – of the person placing the order. The copy should depict the entire document (both sides),
If it is not possible to send the following documents (ID card, passport, driving license, permanent residence card), there are a few other possibilities to verify your identity:
- notarial identity confirmation – a document in English or a document translated into English by a sworn translator,
- identity confirmation at CERTUM’s Registration Point or Identity Confirmation Point,
- possession of the qualified certificate issued by CERTUM
- a utility bill (e.g. water, electric power, natural gas, etc.), bank statement, credit card statement, government‐issued tax document belonging to the Subscriber
- internet address of the project.
The project has to be publicly accessible and unambiguously connected with the Subscriber. If CERTUM is not able to identify the project on the basis of generally available information, the certification application will be rejected.
In appropriate cases the CERTUM Team may ask for additional documents necessary for proper verification.
- Open Source Code Signing certificates must not contain a Domain Name or IP Address
- The Applicant must at the same time be the Subscriber of the certificate
- Open Source Code Signing Certificates are issued only to natural persons
All the collected documents should be sent to CERTUM PCC using one of the ways given below:
- via e-mail (recommended) as a scanned copy to: email@example.com
- by fax to: +48 (0) 91 4257 422
- by post to:
ul. Bajeczna 13
Certificate technical requirements:
- an internet browser which supports X.509 v.3 certificates (Internet Explorer v. 11, Chrome), Windows 7, 8, 10, Java JDK 1.5+.
Technical requirements for signing code or files:
- Office 2000 or newer package / Visual Basic – for signing macros and Office objects, ToolSign.sh and OpenSSL script in its most up to date, stable, available version for UNIX/Linux, Firefox or Netscape and a tool for signing add-ons dedicated to a given browser, KeyTool and Jarsigner attached to Java JDK 1.1+, SignTool, SignCode – for older Windows, Visual Studio Express versions.
Significance of trust verification
Open Source Code Signing stands for secure communication. The certificate is a guarantee for your customers and partners that the software or files sent by you have not been tampered with by any third parties.
Using the Open Source Code Signing certificate attests to the fact that you care for data security.
The benefits of Open Source Code Signing are the following:
- gaining your partners’ trust (no warnings about “unknown publisher” and “dangerous software”)
- application security guarantee – protection against modifications made by third parties, and against infection with viruses, Trojans, etc.
- protection of intellectual property and brands of software publishers
- protection of the company’s image and brands
CERTUM – General Certification Authority – guarantees the highest level of the offered certificates. We are the leader in the field of Internet security and the only Polish certification authority that provides services in compliance with the international standard WebTrust℠/™. For over 10 years we have provided our clients with reliable and proven solutions which confirm their trustworthiness on the Internet.
24h technical support
We protect our clients’ safety and peace of mind 24 hours a day, seven days a week. You may contact our consultants at any time of the day or night. Just call the hotline or contact us via on-line chat. No question shall remain unanswered.
A few words on CERTUM encryption
The encryption procedure allows the protection of information during on-line transmission and connections. The Public Key Infrastructure used by CERTUM is an original solution, created in cooperation with research personnel of the West Pomeranian University of Technology and independent encryption experts. The ID certificates issued by CERTUM allow the use of encryption strength of the recommended key length: 2048/4096.