1. Home
  2. Signing certificates
  3. Code Signing EV certificates
  4. DigiCert Code Signing EV: maximum security for application developers

DigiCert Code Signing EV certificate Order

A new generation of code signing certificate that allows developers and software companies to add a digital signature to an application distributed over the Internet and increase the security of certificate use. Any change in the signed application code is detected and the application will become untrustworthy. The new generation of Code Signing certificates secures code signing by using a hardware token, making certificate theft or misuse impossible.

EV certificate on HW token
1 Name of the company
Additional domains
3-5 days Issuing Time
100% Browser Recognition
  • Pricefrom $723
  • Validity1-3 years
  • Secures Desktop and smartphone apps
  • Compatible w/all major browsers
  • Public key algorithm RSA
  • Symmetric encryption256 bit
  • Public key length3.072/4.096 bits
  • Root CADigiCert Global Root
  • Money-back guarantee30 days
  • Certificate reissuefree and unlimited
  • Multi-domain support (SAN)N/A
  • Private key on tokenYES

Recommended certificate use

The certificate is used by leading software companies which, besides the digital signature of their application, require the highest digital signing security. A new generation of Code Signing certificates is useful when hackers would compromise your application authenticity and spread malware instead of genuine software.

What does Extended Signature (EV) signing for Code Signing mean?

Many of the large and well-known software manufacturers face hackers’ attempts to exploit their applications and spread malicious code under their name. A common problem is Code Signing certificate theft along with its private key. Then the hacker gets the chance to sign his malicious code with the manufacturer's certificate and gain end users’ trust.

The next-generation Code Signing EV certificate brings you the possibility to sign the code using a hardware token, which increases the certificate’s security to a new level. You do not need to worry about certificate misuse, even when a hacker steals the token; he could not use it. Theft of a private key usually means a certificate’s complete compromise, but not in the case of Code Signing EV certificates.

Code Signing EV guarantees you 100% trust in the SmartScreen Filter, which is a part of Windows. A common signature could be untrustworthy because SmartScreen assesses the signature's credibility by many other criteria. With the Code Signing EV certificate you can be sure that this does not happen.

Importance of EV Code Signing for Apps

The EV code signature is a revolutionary innovation for all application developers. The signature helps users trust applications and prevents the program from being blocked by the  Windows Smartscreen Filter .
An application signed with EV Code Signing will never be blocked by SmartScreen.

Even if SmartScreen does not know the application, it could not be blocked. SmartScreen is able to block an application signed with a common Code Signing certificate if it does not have a good reputation and many downloads.

The second big advantage is a higher security of use. The certificate and its private key are stored on the HW token that you receive from the certification authority.

HW token with the certificate you will receive with DigiCert Code Signing EV

Storing keys on the HW token  protects the certificate from misuse . You do not have to keep it on your computer and risk its theft. Both the certificate and the private key are stored on the HW token and you need a password to use it. Any thief would have to steal not only the HW token physically, but also know your password to use it.

You need the HW token every time you make a signature. When signing the application, the HW token service application asks for the password to unlock the private key and your application will be signed. You do not have to store the certificate on your computer and even if the token is stolen, the private key is password protected and the token will be blocked if the wrong password is given several times. This prevents the password from being broken by a dictionary attack.

HW token utility and certificate application

Code Signing EV certificate and its signature delivers greater security of use, trusted signature, and protect certificate owner against theft and misuse of the certificate.

The Code Signing EV certificate delivers greater security of use, a trusted signature, and protect certificate owner against theft and misuse of the certificate.

DigiCert Code Signing EV price list

You can use the certificate on all development platforms because it is universal. An application signed with the Code Signing EV certificate is always guaranteed to be trusted in the Windows SmartScreen filter.

1-year Price

$775.00
  • CA sells it for: $755
  • Huge savings over the CA price
  • A token for 80 $ must be purchased
Order

2-year Price

$1,460.00
  • CA sells it for: $1434
  • Huge savings over the CA price
  • Lower price per year than 1-year
  • A token for 80 $ must be purchased
Order

3-year Price

$2,170.00
  • CA sells it for: $2151
  • Huge savings over the CA price
  • Lower price per year than 2-year
  • A token for 80 $ must be purchased
Order

Prices are without VAT.

The certificate signature in the system

When you start the application signed by DigiCert Code Signing EV certificate, you see the initial executed fil information. The user trusts the application because there is a digital signature from the software manufacturer. In the details of the signature, the customer can find out the date of application signing, details about the certification authority, etc.

Detail of the certificate DigiCert Code Signing EV

Supported platforms

Choose the DigiCert Code Signing EV certificate for your application and platform.

  • Microsoft® Authenticode®

    The certificate is intended for signing .exe, .cab, .dll, .ocx, .msi, .xpi, and .xap files. It is required for Microsoft Windows Logo certification.

  • Java

    Certificate designed for Java applications for desktop and mobile devices. Signs .jar files and is compatible with the Java Runtime Environment (JRE).

  • Microsoft® Office and VBA

    The certificate is intended for signing VBA objects and macros. Suitable for Microsoft Office and third-party VBA applications.

  • Adobe® AIR®

    Digitally signs .air or .airi files. Necessary for all AIR-based applications.

  • Android

    The certificate for signing .apk files for Android.

  • Microsoft Windows Phone

    Digitally signs the code for Windows Phone and Xbox 360. Signing is required to publish the application to the Microsoft App Hub.

  • Qualcomm BREW

    Digitally signs the code for BREW platform.

FAQ - Frequently Asked Questions

The certificate is stored on the token for maximum private key security, thus eliminating the risk of certificate abuse. The certificate will not be misused even if the token is physically stolen, because the signature (using the private key) requires a password and cannot be exported. Entering the wrong password several times will block the token and become unusable.
For each signature, it is necessary to have a token on the computer where the signature takes place. If you sign in a team, you need to borrow the certificate or choose to save the certificate on HSM (consult our support in such a case).
The signature can be done on any platform able to do it. Signing takes place through the given development platform's tools, referring to the repository containing the certificate or a specific file (PFX).
The Code Signing certificate can be signed by a code and applications for any platforms, it is not bound to one. Its typical use is for Microsoft Authenticode, but you can also sign Java applications with it.

From the perspective of the development environment, it again does not matter - the Code Signing certificate will work with any development environment that supports application and code signing. Windows typically uses Signtool, which is a part of the Windows SDK.

The only exception is with the Code Signing EV certificate - this type of certificate needs the Safenet support application for signing, which is available for Windows, Linux, and MacOS.