Anyone with a new code sign certificate on eToken or in cloud would like to test my signtool.exe wrapper?

matthias_livecode_150811 at m-r-d.de matthias_livecode_150811 at m-r-d.de
Sun Jul 30 16:56:37 EDT 2023 


> Am 30.07.2023 um 20:08 schrieb J. Landman Gay via use-livecode <use-livecode at lists.runrev.com>:
> 
> Yes, prices have gone way up. You now need a physical USB stick with an encrypted certificate for Windows.

> I understand there is a cloud option too but we weren't offered that.
Not every certificate issuer offers the 'certificate in cloud' (software token) solution.
I for example have a Certum certificate. Certum offers for  the OV and the EV certificates both the certificate in cloud and the eToken solution. So one can choose.
For my OV certificate in the cloud I paid not more than i paid for my old  3-year certificate.
I purchased not directly from Certum, but from SSLPoint and paid 329 Eur for a 3-year OV certificate in the cloud.

For those who are interested in a Cloud certificate....
 Leaderssl.com is currently selling the 3-years Certum OV cloud certificate even for only 300 Euros and the EV for 600 Euros.

The cloud based solutions works this way:
You have to install a mobile app on your Android or iOS smart phone and also a desktop app on your Windows pc.
The mobile app creates a one time password which you need to login with your desktop app into the Certum "Cloud" or however this could be called.
As soon and as long you are  logged in to the cloud service  the certificate is "included" in your certificate store.
Signtool.exe and any also other signing tool, e.g. Jarsigner, which is able to sign using a token, can access the certificate then.

The eToken solution works similar. You have to install a driver for the eToken on your Windows PC.
As soon as signtool tries to access the certificate from the eToken, the driver software asks for the password to access the eToken.


Unfortunately osslsigncode for macOS currently does not support tokens, therefore it is not possible to sign Windows executabls on macOS anymore when using those new certificates.
Osslsignode for Linux shall support the new tokens, but i haven't tested it yet.


Matthias
> If you go for the USB solution, give yourself some time. We ordered from Sectigo and while they claim you will get the device in 2 or 3 days, they didn't send it for 5 weeks, which required numerous support interactions to determine why the order was lost in the bureaucracy. If that happens to you, get on phone, the chat bot people are evasive and will tell you it's processing and you will receive it in "2 or 3 days."  Demand to talk to a supervisor.
> 
> My client can be very persuasive when she's pissed off. :)
> 
> --
> Jacqueline Landman Gay | jacque at hyperactivesw.com
> HyperActive Software | http://www.hyperactivesw.com
> On July 30, 2023 1:45:06 AM Tom Glod via use-livecode <use-livecode at lists.runrev.com> wrote:
> 
>> Hmm, I'm going to look into this Matthias,  I had not heard of etoken Certs.
>> I wonder if this is the reason for the recent doubling of the price of
>> signing certificates.
>> 
>> On Thu, Jul 27, 2023 at 10:49 AM matthias rebbe via use-livecode <
>> use-livecode at lists.runrev.com> wrote:
>> 
>>> Hi,
>>> is there anyone in the list who has already one of those new code signing
>>> certificates on an eToken or in the cloud and would like to test my new
>>> wrapper for signtool.exe?
>>> 
>>> Especially those who are not very familiar with Windows might find this
>>> wrapper helpful.
>>> 
>>> I've tested it with my cloud base certificate, but had no chance to get it
>>> tested from one with an eToken certificate.
>>> 
>>> So if there is interest, then please let me know.
>>> 
>>> Regards,
>>> Matthias
>>> 
>>> 
>>> _______________________________________________
>>> use-livecode mailing list
>>> use-livecode at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>> 
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
> 
> 
> 
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

More information about the use-livecode mailing list