IdenTrust TrustID Extended Validation (EV) Code Signing certificates allow you to add a digital signature to executables, firmware, drivers, browsers, add-ons or mobile applications to establish trust and a greater level of confidence for your customers with respect to the integrity of your code signed software applications. These certificates provide additional assurance of the code publisher’s identity, as the subscriber organization is subject to strict vetting processes before being issued their certificate.
The EV Code Signing certificate private keys are stored in IdenTrust supplied FIPS 140-2 Level 2 or higher hardware compliant crypto-modules such as HID Global USB tokens or HID Global Smart cards. IdenTrust also supplies the SafeNet eToken 5110 CC (Common Criteria) as compliant USB token. The additional security features in these hardware devices enable two-factor authentication and prohibits the private key from being exported, thus offering additional assurance to relying parties with respect to the ownership of the certificate.
Use of CSR (Certificate Signed Request) is supported during the EV Code Signing certificate application; once approved, the certificate can be installed in the applicant's hardware security module (HSM) meeting standard security equivalent to FIPS 140-2 level 2 or Common Criteria EAL 4+. Enforcement of this requirement is handled via the Subscriber Agreement.
As a value-added service to an EV Code Signing certificate, the IdenTrust Timestamping Authority Server (TSA) is offered free of charge and provides RFC 3161 compliant timestamping services. Timestamping binds the EV Code Signing digital signature, the signed code and an accurate date and time. Upon execution, timestamped files are automatically validated for integrity, alerting the user if the file is no longer in the same state as when it was timestamped. Timestamping adds long term integrity and non-repudiation validation for up to 10 years after the EV Code Signing certificate has expired or has been revoked.
The IdenTrust EV Code Signing certificates are compatible with all major file platforms such Microsoft® Authenticode® and Silverlight® applications, Adobe® Air®, Apple®, Java®, Mozilla® objects and others.
Code that it is signed with IdenTrust EV Code Signing certificate may receive a higher initial reputation score with the Microsoft SmartScreen® filter based on a mix of factors like:
- The lifespan of the IdenTrust Root CA in public trust
- The lifespan of the issuing EV Code Signing CA
- The frequency with which the EV Code Signing Certificates have been used for signing executables
Choose BUY NOW to select EV Code Signing Certificate Options
Use the IdenTrust Timestamping Authority Server (TSA) which is offered free of charge and provides RFC 3161 compliant timestamping services to bind the EV Code Signing digital signature, the signed code and an accurate date and time.
Certificate Management Center
Use our Certificate Management Center (CMC) to manage and renew your current IdenTrust certificate!