EV Code Signing
The EV Code Signing Certificate combines all the features of a standard code signing certificate with a meticulous extended verification process (EV). This is the highest quality Code Signing certificate that meets the rigorous requirements of Microsoft.
Users who want to download software over the Internet often have concerns about whether it is harmful software that contains viruses or malware. Software is chosen and downloaded much faster which was signed by a certificate from a trusted Certification Authority such as CERTUM.
Software signed in this way eliminates messages such as “unknown software publisher” and “Dangerous software” and most importantly, immediately eliminates the occurrence of the message SmartScreen ® Application Reputation, a filer undesirable from the point of view of the owner of the software that treats software as unwanted and untrusted. The elimination of unwanted messages translates directly into increased customer confidence and hence a greater number of downloads.
With the EV Code Signing Certificate, your customers receive a guarantee that the software they use is a from a trusted source and has not been modified since it was signed.
Examples of tools that you can use for signing:
- MS Office 2000+, ToolSign.sh and openSSL for UNIX/Linux, Firefox, Key Manager, Jarsigner and verifier from Java JDK 1.5+, SignTool, SignCode and Visual Studio Express
Examples of supported formats:
- .docm, xlsm, .pptm, .xpi, .jar, .war, .ear, exe, .dll, .ocx, .cab, .msi.
The most important features of the EV Code Signing certificate:
- Financial guarantee of €60,000
- Compliance with WebTrustSM/TM
- Issued by CERTUM CA, whose certificate is automatically recognised as trusted in modern web browsers and by all Microsoft products
- Protected SHA-2 hash function
- Protection of the intellectual property and brand of software publishers
- Compatible with the X.509 v.3 (RFC5280) standard
- Documentation and customer service in Polish language
- Free revocation and reissue
- The certificate have to be installed on cryptographic card
- Free time stamping
- Possible certificate status verification using CRL and OCSP
- Period of validity of 1-3 years
- Technical support (Infoline, email)
When purchasing an EV Code Signing certificate, it required that the identity of the future Subscriber be verified. New customers are asked to provide within seven days documents confirming the identity of the person responsible for the purchase of the certificate and additional corporate documents (if the data are to be placed in the certificate).
The benefits of possessing an EV Code Signing Certificate
Signing with an EV Code Signing certificate helps increase the number of downloaded files, and what goes with it, an increase in the company’s revenue.
Strength of the encryption
The minimum length of cryptographic keys: RSA/DSA 2048 bit, EC 571 bit: sect571k1 (NIST K-571) oraz sect571r1 (NIST B-571).
Especially recommended to protect:
- program code
- components and ActiveX controls,
- drivers used in operating systems from MS Windows in 32-bit and 64-bit, in user mode or kernel mode
- libraries in Windows systems,
- binary code.
EV Code Signing – increased level of customer trust
We do not issue EV Code Signing certificates to natural persons!
To verify the Subscriber’s identity CERTUM requires the submission of the following documents:
- identity document (ID card, passport, residency card, driving license)- in Latin characters – of the person placing the order. The copy should depict the entire document (both sides),
If it is not possible to send the following documents (ID card, passport, driving license, permanent residence card) there are few others possibilities to verify your identity:
- notarial identity confirmation – a document in English language or a document translated into English by the sworn translator
- identity confirmation at CERTUM’s Registration Point or Identity Confirmation Point
- possession of the qualified certificate issued by CERTUM
- a utility bill (e.g. water, electric power, natural gas, etc.), bank statement, credit card statement, government‐issued tax document belonging to the organization,
- company registration documents – only in the case where the company doesn’t possess the DUNS number (it’s impossible to verify the company by using this number or by using national registration number),
- authorisation or power of attorney confirming connection of the person submitting the order with the organisation – only when the applicant doesn’t appear in the relevant registry as a person authorized to represent the company
In appropriate cases the CERTUM Team may ask for additional documents necessary for proper verification.
We do not issue EV Code Signing certificates to natural persons,
EV Code Signing certificates must not contain a Domain Name or IP Address
All required documents should be sent to CERTUM CA in one of the following ways:
- scans of documents by e-mail to: firstname.lastname@example.org (recommended)
- by fax to: +48 (0) 91 4257 422
- by post to:
ul. Bajeczna 13
In appropriate cases the CERTUM Team may ask for additional documents necessary for proper verification
The contact phone number used for the phone verification of the certified organization has to match the number found in qualified sources of information such as public business and organization registers.
(e.g. DUNS, www.yellopages.com, www.numberway.com, or other public databases which are qualified as reliable and credible).
In case the phone number mismatch, the verification will be carried out using documents.
Certificate technical requirements:
- an internet browser which supports X.509 v.3 certificates (Internet Explorer v. 11), Windows 7, 8, 10, Java JDK 1.5+.
Technical requirements for signing code or files:
- Office 2000 or newer package / Visual Basic – for signing macros and Office objects, ToolSign.sh and OpenSSL script in its most up to date, stable, available version for UNIX/Linux, Firefox or Netscape and a tool for signing add-ons dedicated to a given browser, KeyTool and Jarsigner attached to Java JDK 1.1+, SignTool, SignCode – for older Windows, Visual Studio Express versions.
- EV Code Signing stands for secure communication The certificate is a guarantee for your customers and partners that the software or files sent by you have not been tampered with by any third parties.
- Using the EV Code Signing certificate attests to the fact that you care for data security.
Significance of trust verification
The benefits of Microsoft Code Signing are the following:
- gaining your partners’ trust (no warnings about „unknown publisher” and „dangerous software”)
- application security guarantee – protection against modifications made by third parties and infection with viruses, Trojans, etc.
- protection of intellectual property and brands of software publishers
- protection of the company’s image and brands
CERTUM – General Certification Authority – guarantees the highest level of the offered certificates. We are the leader in the field of Internet security and the only Polish certification authority that provides services in compliance with the international standard WebTrustSM/TM . For over 10 year we have provided our clients with reliable and proven solutions which confirm their trustworthiness on the Internet.
A few words on CERTUM encryption
The encryption procedure allows the protection of information during on-line transmission and connections. The Public Key Infrastructure used by CERTUM is an original solution, created in cooperation with research personnel of the West Pomeranian University of Technology and independent encryption experts. The ID certificates issued by CERTUM allow the use of encryption strength of the recommended key length: 2048/4096.
24h technical support
We protect our clients’ safety and peace of mind 24 hours a day, seven days a week. You may contact our consultants at any time of the day or night. Just call the hotline or contact us via on-line chat. No question shall remain unanswered.