Code signing certificates are used to digitally sign software codes to protect code integrity and prevent illegal tampering; to identify the identity of software publishers and ensure the trustworthiness of software sources. According to different verification levels, code signing certificates are divided into extended verification EV code signing certificates and enterprise verification OV code signing certificates.
What is an OV Code Signing Certificate?
The OV code signing certificate refers to the code signing certificate of the OV (Organization Validation) enterprise verification level, which is issued by the authoritative certificate authority after verifying the identity of the applicant unit in accordance with the OV verification standard (Class 3), also known as the standard Code signing certificate, unit code signing certificate, common code signing certificate.
The difference between OV code signing certificate and EV code signing certificate
OV code signing certificate : OV enterprise verification level (Class 3), supports Windows applications (.exe, .dll, .cab, .ocx, XML, etc.), Adobe (.air, .airi), Java Applets, J2ME MIDlet, Silverlight (.xap), Office VBA macros and other software code signing. WoSign OV code signing certificates (standard code signing certificate Pro, standard code signing certificate) are multi-purpose code signing certificates, and one certificate supports the above-mentioned types of software code signing.
EV code signing certificate : EV extended verification level (Class 4), which is a code signing certificate with a higher verification level. Not only has all the functions of OV code signing certificate, but also additionally supports Windows kernel code signing and driver signing (.sys, .cat); supports WHQL logo certification; supports UEFI certification, LSA certification; supports SmartScreen to quickly obtain reputation; WHQL portal account Registration must obtain an EV code signing certificate before registration. WoSign EV code signing certificates (EV Code Signing Certificate Pro, EV Code Signing Certificate) are all issued by the globally trusted certification authority designated and recommended by Microsoft, which meets Microsoft’s requirements.
What is a "hard certificate"?
"Hard certificate" refers to a digital certificate stored on a hardware security medium. The certificate is used from generation to issuance, and the private key is always stored in the hardware token or hardware security module. Export is not supported, which effectively reduces the risk of the private key of the certificate being leaked. , so "hard certificates" are more secure and reliable.
According to the requirements of the international standards of the CA/B alliance, EV code signing certificates have long been stored in hardware security to achieve higher security performance; and from June 1, 2023, all OV code signing certificates around the world will stop issuing "soft certificates" , Upgrade to a "hard certificate", which is consistent with the storage method of the EV code signing certificate to ensure the security of the private key of the certificate. The hardware device must be a hardware token or hardware security module (HSM) with FIPS 140 level 2 or above, Common Criteria EAL level 4 or above, or equivalent certification level.
WoSign OV code signing certificate (standard code signing certificate Pro, standard code signing certificate) will also strictly implement the requirements of international standards, and fully realize the upgrade of "hard certificate" before June 1, 2023. WoSign CA is a compliant electronic certification service organization with an experienced service support team and strong technical service capabilities. At that time, the WoSign CA service support team will provide one-on-one consulting services to assist customers in completing new certificate applications, compliant hardware selection, hardware mailing and other processes, and help customers quickly and smoothly obtain OV code signatures based on compliant hardware Certificates (that is, "hard certificates") solve all kinds of complex application problems encountered during the transition period of the new regulations and ensure the smooth release of software.
After the new regulations take effect, new applications, renewal applications, and re-issued OV code signing certificates will be affected by the requirements of the new regulations, and hardware storage will be mandatory. For customers who need to use soft certificate signing in a specific application environment, it is recommended to apply for a three-year OV code signing certificate (soft certificate) in advance before the new regulations take effect. Certificates issued before the new regulations take effect can still be used normally within the validity period of the certificate until the certificate expires.