DigiCert EV Code Signing certificate is an advanced cryptographic tool that allows digital signing of software code, ensuring the highest level of trust and integrity. As part of extended validation, DigiCert carries out a detailed process of verifying the identity of the issuer, in accordance with the CA/Browser Forum guidelines, which guarantees the authenticity and credibility of the signed code.

The private key of the certificate is generated and stored on a specialized hardware token compliant with the FIPS 140-2 Level 2 standard or higher. The token uses advanced security mechanisms such as tamper resistance, PIN authentication, and cryptographic isolation to protect the key from unauthorized access and potential side-channel attacks. DigiCert EV Code Signing supports modern cryptographic algorithms, including Elliptic Curve Cryptography (ECC) and traditional RSA keys of 2048 bits or more. The use of ECC algorithms allows for higher levels of security with smaller key sizes, which increases the efficiency of cryptographic operations and provides better protection against future cryptographic threats.

The certificate is compatible with multiple platforms and signature formats, such as Microsoft Authenticode, kernel-mode drivers, Adobe AIR, Apple iOS, Java, and Microsoft Office and VBA. This allows developers to seamlessly integrate the certificate into various development environments and operating systems. Using an EV Code Signing certificate allows you to automatically bypass application reputation filtering mechanisms such as Microsoft SmartScreen Application Reputation, eliminating unknown publisher warnings during software installation. Timestamping allows you to maintain the validity of your digital signature even after the certificate itself has expired, which is crucial for long-term software distribution. The code signing process using DigiCert EV Code Signing integrates with development tools and Continuous Integration/Continuous Deployment (CI/CD) environments, allowing you to automate and streamline your release cycle. The certificate also supports X.509 standards and meets compliance requirements with industry regulations such as GDPR, HIPAA and PCI DSS, which is important for companies operating in sectors with high security requirements.

For organizations seeking to protect their brand and ensure the highest security standards, the DigiCert EV Code Signing certificate is a key element in a strategy to secure software against manipulation, reverse engineering and the distribution of malicious code. By using advanced cryptographic algorithms, including ECC, the company builds trust with end users and business partners while meeting stringent security and compliance requirements.

Why choose DigiCert EV Code Signing?

• Highest level of trust.
• Private key security.
• Advanced cryptographic algorithms.
• Broad compatibility.
• Bypassing reputation filters.
• Integration with developer tools.
• Regulatory compliance.
• Long-term signature validity.
• Brand and user protection.

• Support for Windows.
• Mozilla Objects File Signing.
• Signing MS Silverlight applications and xaf files.
• Signing MS Office macros and VBA (Visual Basic for Application) files.
• AIR code signing.
• Signing JAR applets.
• Microsoft Authenticode – Signing any MS (32/64 bit) .exe, .dll, .ocx, .msi, .cab and kernel software.
• Software signing for MacOS.
• and many more.

** Due to the new rules for generating and storing code signing certificate keys, it is necessary to save them on a compatible USB token or HSM module. In the absence of such a tool, it is possible to order a token with an installed certificate from the certificate issuer. The appropriate delivery option should be selected when placing an order for the certificate. There is no need to order a token if you have your own, compatible tool. In the case of delivery, the time to issue the certificate may be longer due to the need to deliver the ordered token with the certificate: Check the new rules for code signing certificates issuance.

• Highest level of trust (Extended Validation): A certificate with extended validation provides the highest level of trust through a rigorous process of verifying the identity of the issuer, consistent with CA/Browser Forum guidelines.
• Hardware-level private key security: The private key is generated and stored on a hardware-based cryptographic token that is FIPS 140-2 Level 2 or higher compliant, minimizing the risk of unauthorized access and side-channel attacks.
• Advanced cryptographic algorithm support: Supports Elliptic Curve Cryptography (ECC) and RSA keys of 2048 bits or more, providing strong security and higher cryptographic performance.
• Wide cross-platform compatibility: Compatible with Microsoft Authenticode, kernel-mode drivers (Kernel-Mode Drivers), Java, Adobe AIR, Apple iOS, Microsoft Office, and VBA, enabling deployment across a variety of environments and operating systems.
• Bypassing application reputation filters: Eliminate warnings generated by mechanisms such as Microsoft SmartScreen Application Reputation, improving the end-user experience and increasing trust in the software.
• Signature durability with timestamping: Maintain the validity of a digital signature even after the certificate expires, which is crucial for long-term software distribution and integrity.
• Integration with CI/CD tools and process automation: Seamless integration with Continuous Integration/Continuous Deployment environments, enabling automation of the signing process and reducing time to market.
• Meeting international security standards and regulations: Compliance with X.509 and regulations such as GDPR, HIPAA, PCI DSS, which is essential for organizations operating in sectors with high security and data protection requirements.
• Protection against code manipulation and reverse engineering: Ensuring code integrity by securing against unauthorized modifications, which protects against the distribution of malware and infringement of intellectual property.
• Strengthening the trust of users and business partners: Confirming the authenticity and integrity of the application builds trust in the brand, increasing customer loyalty and facilitating the establishment of business relationships.
• Professional technical support: Access to dedicated 24/7 technical support, ensuring fast and effective service in the field of installation, configuration and solving certificate-related issues.
• Optimization of cryptographic performance: The use of ECC allows for achieving a high level of security with smaller key sizes, which translates into better performance of cryptographic operations.
• Reduced business risk: By ensuring compliance with security regulations and standards, organizations minimize the risk of legal penalties and reputational damage associated with security breaches.
• Flexible and scalable solution: Adaptable to the needs of organizations of all sizes, from small businesses to enterprises, with options for managing multiple certificates and users.
• Updated to the latest security trends: Regular updates and support from DigiCert ensure compliance with the latest standards and best practices in cybersecurity.

The validation process for the DigiCert EV Code Signing certificate is a comprehensive process designed to thoroughly confirm the identity and authenticity of the organization applying for the certificate. The process begins with the company submitting an application, which must provide detailed registration information, including the full legal name, registered office address, and contact details. DigiCert verifies the legal existence of the organization by checking official registration documents. This is followed by verification of the physical address of the company. This may require providing supporting documents such as utility bills, bank statements, or official letters from government institutions that confirm the current and accurate address provided. DigiCert also checks whether the organization has an active phone number registered to the same address, which is verified through independent sources such as public telephone directories or telecommunications carrier databases. The next step is to verify the identity of the contact person and their authority to represent the organization in the certification process. This requires providing employment verification documents such as certificates from the human resources department or an official power of attorney signed by an authorized representative of the company. DigiCert may also contact the organization directly to confirm the authorization of the individual. During the validation process, DigiCert also conducts an operational verification of the company, checking its presence in the industry and confirming that it is an active business entity. This may include an analysis of the company’s website, checking business references, or evaluating its activities based on available financial reports. Additionally, the organization must complete a verification process to verify compliance with DigiCert’s security policies and the CA/Browser Forum guidelines for Extended Validation certificates. This includes confirming that the company is not on any sanctions lists or engaged in illegal activities. Once all verification steps have been successfully completed, DigiCert will begin generating an EV Code Signing certificate. The private key is created and stored on a hardware cryptographic token, which is physically delivered to the organization. This token meets the requirements of FIPS 140-2 Level 2 or higher, which ensures the highest level of private key security. The entire validation process is designed to ensure that only verified and trustworthy organizations can obtain the EV Code Signing certificate. This allows end users and business partners to have complete confidence in the signed software, knowing that it comes from an authentic and verified publisher.

Technical support for DigiCert EV Code Signing is a key element of support for developers and organizations using this certificate. DigiCert offers dedicated support available 24/7, providing fast and professional solutions for installation, configuration and integration of the certificate with various development environments. DigiCert specialists help solve technical issues, provide advice on best security practices and support in the certificate renewal and management process. Access to extensive documentation, guides and online resources allows users to solve common issues on their own, while the support team is ready to intervene in more complex cases. This allows organizations to focus on software development, with the assurance that the aspects related to code signing are under constant expert care.