| |
General FAQ 
EV Certificate FAQ
Content Verification FAQ
Unified Communications FAQ
Compare Certificates
Server Install FAQ
Code Signing FAQ
Trust Logo FAQ
Email FAQ
HackerGuardian FAQ
HackerGuardian Help
Code Signing Certificates FAQ
Who needs a Code Signing ID?
Any publisher who plans to distribute code or content over the Internet or over corporate extranets risks corruption and tampering
How does the Comodo Code Signing solution work?
Comodo Code Signing uses authenticated digital signatures to assure the publisher details and content integrity of downloadable code.
Is the Comodo Code Signing solution the right product for me?
Comodo Code Signing is essential if you wish to protect your reputation as an authenticated code publisher.
Does Comodo certify the content of my code?
No. We certify that the software really comes from the publisher who signed it. We also certify that the software has not been altered or corrupted.
Is Comodo Code Signing the right product for my business?
A Comodo Code Signing certificate is strongly recommended for any publisher intending to distribute code or content over the Internet or over corporate extranets. Customers are aware of the dangers involved and are far more trusting of a signed download.
A Comodo Code Signing certificate is an effective way to distribute authentic software over the Internet. It is a best-of-breed product that offers full protection, ease of use and flexible.
How long can I use my developer certificate?
Code signing certificates are valid for one or two years depending on which life cycle you choose when you purchase the certificate.
Time Stamping Server – Location and usage
In order to sign your code, you pass the code which you want to authenticate through a hashing algorithm and then use your private key to sign the hash, which results in a digital signature. You then build a signature block, which contains the digital signature and the code-signing certificate. Tools like Authenticode let you time stamp the signature block based on the current date and time that a time stamping service provider, such as Comodo, provides. Finally, you bind the time stamped signature block to the original software. Now you can publish the signed software on your Web site for download.
As part of this process you will need to know the URL of Comodo’s time stamping server, which is http://timestamp.comodoca.com/authenticode.
Is timestamped code valid after a Code Signing Certificate expires?
Timestamping ensures that code will not expire when certificate expires. If your code is timestamped the digital signature is valid even though the certificate has expired. A new certificate is only necessary if you want to sign additional code. If you did not use the timestamping option during the signing, you must re-sign your code and re-send it out to your customers.
Which utility is used to verify whether the file has been timestamped?
Use the chktrust.exe utility included with the Authenticode SDK tools to verify whether the file has been timestamped. The date and time will be displayed when the file has been timestamped. "Unknown date and time" will appear when the file has NOT been timestamped.
Do code signing certificates last longer than 1 year?
Yes. It is now possible to request a 2-year code signing certificate.
Is there a limit to the amount of applications allowed to be signed with a Code Signing Certificate?
Comodo does not limit you to any specific number. You can sign as many applications with a Code Signing Certificate as you wish, provided that the applications are going to be used for and distributed by the Organization that owns the certificate.
What settings should be enabled to allow a user to receive the certificate pop-up?
- In order to receive the Certificate pop-up when the file is downloaded, you will need to enable a setting in Internet Explorer.
- The setting can be found under: Tools > Internet Options > Advanced > Scroll to the bottom of the list to 'Security'
- Make sure that the following option is checked: "Check for signatures on downloaded programs".
What type of assurance a customer obtains when downloading software signed with Authenticode?
When customer downloads software signed with Authenticode they can be assured of:
- Content Source: The software really comes from the publisher who signed it.
- Content Integrity: The software has not been altered or corrupted since it was signed.
How do I ensure that both I and my customers have the latest Microsoft roots in my certificate store.
For Windows XP, everything is Automatic, meaning well over 200 Million customers will automatically have access to all the latest certificates. For older versions of the Windows operating system it is highly recommended that the latest root update is installed.Good security policy dictates that your root certificate store should have the most current root certificate references from all trusted certification authorities, thereby providing the widest capability to recognize trusted content. Install the latest Microsoft root certificate patch here:- Root Update
What does Authenticode mean?
Authenticode is currently used to sign 32-bit .exe files (PE files), .cab files, .ocx files, and .class files. In particular, if you are distributing active content such as ActiveX controls for use with such Microsoft end user applications as Internet Explorer, Exchange, Outlook, or Outlook Express, you will want to sign code using Authenticode.
What is a Digital ID?
A Digital ID also known as a digital certificate is a form of electronic credentials for the Internet. A Digital ID is issued by a trusted third party to establish the identity of the ID holder. The third party who issues certificates is known as a Certification Authority (CA). Digital ID technology is based on the theory of public key cryptography. In public key cryptography systems, every entity has two complementary keys, a public key and private key, which function only when they are held together. The purpose of a Digital ID is to reliably link a public/private key pair with its owner. When a CA issues Digital IDs, it verifies that the owner is not claiming a false identity.
What about timestamping?
Since key pairs are based on mathematical relationships that can be cracked with a great deal of time and effort, it is a well-established security principle that digital certificates should expire. Your Digital ID will expire one year after it is issued. However, most software is intended to have a lifetime of longer than one year. To avoid having to resign software every time your certificate expires, a timestamping service is introduced. Now, when you sign code, a hash of your code will be sent to Certification authority to be timestamped. This means that you will not need to worry about resigning code when your Digital ID expires. Microsoft Authenticode allows you to timestamp your signed code so that signatures will not expire when your certificate does.
Time Stamping Server – Location and usage
In order to sign your code, you pass the code which you want to authenticate through a hashing algorithm and then use your private key to sign the hash, which results in a digital signature. You then build a signature block, which contains the digital signature and the code-signing certificate. Tools like Authenticode let you time stamp the signature block based on the current date and time that a time stamping service provider, such as Comodo, provides. Finally, you bind the time stamped signature block to the original software. Now you can publish the signed software on your Web site for download.
As part of this process you will need to know the URL of Comodo’s time stamping server, which is http://timestamp.comodoca.com/authenticode.
What will happen if an end user encounters an unsigned component distributed via the Internet?
If an end user of one of these applications encounters an unsigned component distributed via the Internet, the following will occur:
- If the application's security settings are set on "High," the client application will not permit the unsigned code to load.
- If the application's security settings are set on "Medium," the client application will display a warning like this screen:
What will happen if an end user encounters an signed component distributed via the Internet?
If a user encounters a signed applet or other code, the client application will display a screen like the following:
Who issue the digital certificates to applicants?
Certification Authorities are organizations that issue digital certificates to applicants whose identity they are willing to vouch for. Each certificate is linked to the certificate of the CA that signed it.
List the responsibilities of Certification Authority?
As the Internet's leading Certification Authority, Comodo has the following responsibilities:
- Publishing the criteria for granting, revoking, and managing certificates.
- Granting certificates to applicants who meet the published criteria.
- Managing certificates (for example, enrolling, renewing, and revoking them).
- Storing Comodo's root keys in an exceptionally secure manner.
- Verifying evidence submitted by applicants.
- Providing tools for enrollment.
- Accepting the liability associated with these responsibilities.
- Time stamping digital signatures.
Explain the six step process of Signing Code?
- Make Sure that you are running the correct versions of all tools
- Apply for a Code Signing ID for Authenticode from Comodo
- Pick up your Digital ID
- Prepare your Files to be Signed
- Sign your Files
- Test Your Signature
How do I ensure that both I and my customers have the latest Microsoft roots in my certificate store.
For Windows XP, everything is Automatic, meaning well over 200 Million customers will automatically have access to all the latest certificates. For older versions of the Windows operating system it is highly recommended that the latest root update is installed.Good security policy dictates that your root certificate store should have the most current root certificate references from all trusted certification authorities, thereby providing the widest capability to recognize trusted content. Install the latest Microsoft root certificate patch here:-
Root Update
Trusted Certificate Services
Comodo Code Signing CA
We want our signed files to be time stamped. Could please provide me with the URL of the time stamping server?
The Comodo timestamping server can be found at: http://timestamp.comodoca.com/authenticode
| |
){kind=link}