What is EV Code Signing?
Code Signing is the process of using an X.509 certificate to digitally sign a piece of code, software, or other executable in a way that ensures that the product has not been tampered with or otherwise compromised. Extended Validation or EV refers to the high level of validation the certificate must go through, and represents the highest level of assurance to customers.
SSL.com Extended Validation Code Signing certificates offer the highest level of authentication and security available in signing code, resulting in more trust and higher download counts of your signed applications. Programs signed with an SSL.com EV Code Signing certificate immediately work with Edge and Windows® SmartScreen® reputation services. For device driver publishers, an EV Code Signing certificate is REQUIRED as a first step for Windows Kernel Mode Signing (see Windows Kernel Mode Signing Policy for more details).
These digital certificates are especially useful in applications that are distributed through the Internet, where applications can pass through a number of suspicious parties or websites before it finally gets downloaded and installed. To prevent tampering or compromise of applications by unauthorized parties, software developers digitally sign their programs with code signing certificates.
Unsigned applications can easily be altered to include malware or viruses, and these untrusted applications will display warning messages resulting in lower installation yields. A code signing certificate issued from a trusted Certificate Authority such as SSL.com can prevent all of those problems.
- eSigner information is available on SSL.com’s main eSigner page. Please read Remote EV Code Signing with eSigner for information on enrollment and use
- If you already own a YubiKey FIPS that you would like to install EV code signing certificates on, please read our how-to on YubiKey attestation
- If you have another FIPS 140-2 Level 2-validated device or cloud HSM service you would like to use, please fill out our HSM attestation request form
- eSigner CKA (Cloud Key Adapter) is also available, allowing tools such as SignTool.exe or Certutil.exe to use eSigner CSC for EV code signing operations
- Supports CI/CD integration for full automation of signings
Extended Validation (EV) Code Signing Certificate
SSL.com EV Code Signing certificates provide the highest level of security and are the best choice for software development and publishing companies who require the highest level of trust in signed software. The EV code signing certificate signs with an organizational identity and works best for teams.
Sole Proprietor EV Code Signing Certificate
SSL.com Sole proprietor EV Code Signing certificates uses a registered sole proprietor entity to apply a personalized digital signature. This validation option enables individual contributors who have a registered sole proprietor entity to include their name in the digital signature.
EV Code Signing Certificates combine all the benefits of OV Code Signing Certificates, including these additional features:
Features
Highest organizational authentication assurance
Signature and time stamping does not expire once certificate expires
Immediate Extended Validation reputation with Microsoft SmartScreen®
Company name, address and organization type displayed in the certificate
Certificate stored on FIPS hardware token prevents key duplication
2-factor authentication through hardware token and PIN combination
Required for Windows 10 kernel-mode and user-mode drivers
Required for Windows Hardware Development Center Dashboard Portal access
Strongest industry encryption with SHA-256 keys
Benefits
Build Reputation and Increase User Confidence
