Filter Blogs expand_more
Blog add
Authors add
Solutions add
Product Categories add
10 Results for 'Code Signing'
Blog

By Bruce Morton

October 12, 2015

EV Code Signing certificates are based on the Extended Validation (EV) Code Signing Certificates guidelines developed by the CA/Browser Forum. The guidelines combined the EV standard for validation with specific code signing components such as protecting private keys with hardware and providing time-stamp services. The demand for EV Code Signing certificates is growing thanks to the recent release of Windows 10. By October 29th, 2015 (90 days after release) all drivers provided to Microsoft must be submitted with a signature from an EV Code Signing certificate. Microsoft will trust the submission as the EV Code Signing certificate will prove that the publisher’s identity has been determined and the certificate issuance authorized. EV Code Signing certificates are similar to standard Code Signing certificates, but have some distinct advantages:
Blog

By Bruce Morton

December 11, 2013

We have recently discussed the benefits of code signing in two posts: Securing Software Distribution with Digital Signatures and Improving Code Signing. These posts covered the role of code signatures as a “digital shrinkwrap” designed to answer a simple question: Did the software I am about to run actually come from the author or has someone changed it along the way?
Blog

By Bruce Morton

October 23, 2013

Code signing certificates from publicly trusted Certification Authorities (CAs) fulfill a vital need for authentication of software distributed over the Internet in our interconnected world.
Blog

By Bruce Morton

February 06, 2017

Code Signing is a cryptographic process to digitally sign executables and scripts. The signature confirms the software author or publisher’s identity, and provides integrity by guarantying the software has not been altered since it was signed. Minimum Requirements for Code Signing will increase Internet security by setting a new bar to prevent private keys from being compromised. The requirements will also provide a better mechanism to have code signing certificates revoked limiting the proliferation of malware. The result will benefit application software suppliers, online businesses, and of course, software users globally.
Blog

By Bruce Morton

January 17, 2017

Vulnerabilities, Requirements for Code Signing Certificate, Certification Authority Authorization (CAA) Standards
Blog

By Bruce Morton

August 03, 2016

Time-stamping of code signatures has also been improved. The standard requires the CA to provide a time-stamping authority (TSA) and specifies the requirements for the TSA and the time-stamping certificates. Application software suppliers are encouraged to allow code signatures to stay valid for the length of the period of the time-stamp certificate. 
Blog

By Bruce Morton

December 03, 2015

Entrust’s monthly SSL review covers SSL/TLS discussions — recaps news, trends and opinions from the industry, including CA Security Council, Malicious Code Signing, Dell Delivers PCs with Root and Private Key.
Blog

By Bruce Morton

June 27, 2012

What happens to signed code when the code signing certificate expires? In many cases, an expired certificate means that the signature validation will fail and a trust warning will appear in the browser.
Blog

By Entrust Datacard

May 18, 2012

What happens to signed code when the code signing certificate expires? In many cases, an expired certificate means that the signature validation will fail and a trust warning will appear in the browser.
Blog

By Bruce Morton

December 19, 2013

A recent article by the Microsoft malware protection center, “Be a real security pro - Keep your private keys private,” reminded me of some best practices.
Page 1 of 1