in Canada, website SSL certificates can be had for as low as US$10.
unfortunately, code signing certificates cost about 10 times as much.

one website mentions Vista compatibility ... this seems strange
because my assumption is they must support XP,
Vista, Windows 7, Server 2003, and Server 2008
or they would be useless.

https://secure.ksoftware.net/code_signing.html US$99
Support Platforms
Microsoft Authenticode.
Sign any Microsoft executable format
(32 and 64 bit EXE, DLL, OCX, DLL or any Active X control).
Signing hardware drivers is not currently supported.
Adobe AIR. Sign any Adobe AIR application.
Java. Sign any JAR applet
Microsoft Office.
Sign any MS Office Macro or VBA (Visual Basic for Applications) file.
Mozilla. Sign any Mozilla Object file.
The implication is that a single code signing certificate
can do ALL of the above.

ksoftware actually discounts Comodo certificates
and the Comodo website is unclear.

QUESTION:
Will ONE code signing certificate be enough
or do I need one for Microsoft executables,
and a second for things like Word and Excel macros?

my main goal is to sign things like vs2008 code snippets so that I can export them securely; however, I would like to be able to use the same code signing certificate for signing other items too.

Thank you ~~ regards, Gerry (Lowry)

+2  A: 

a. one should be enough

b. the only reason to buy it rather than make it by yourself is to avoid a warning when installing the code. other than that, nobody really cares (and how many times did you see this warning and press continue without even thinking about it....)

Dani
it would be wonderful if code could be signed with my GnuPG key which is free to me. Problem is the operating systems only support code signing certificates AFAIK and most end users would not know how to deal with PGP type signatures/encrypting files.
gerryLowry
Thank you, Dani. (a) seems that's the case BUT possibly not with VeriSign (I could be wrong, however, a VeriSign rep said I'd need a separate certificate for signing for Sun -- that's not a problem for me because I'm mainly trapped in the Windows' world). Jeff Wilcox has a useful web article at http://www.jeff.wilcox.name/2010/02/codesigning101/. See next comment regarding what you can sign with the Comodo/kSoftware $99 key.
gerryLowry
(a) continued: Regarding kSoftware/Comodo, Jeff Wilcox writes that the $99/year key can be used for: "Signing Windows executables; .NET programs, class libraries, ClickOnce apps; .MSI installer files; Adobe AIR apps; Java JARs; Microsoft Office/VBA macros; Mozilla objects and extensions; Signing Visual Studio extension packages (.vsix files), although SignTool doesn’t directly support this (no SIP module)".
gerryLowry
(b) actually the reason to purchase a code signing certificate is to benefit one's end users. I'm not enough of a fool to believe it's 100% safe; otoh, it at least gives end users some degree of confidence that the code is from a legitimate source. There's no real guarantee how safe the code is because even robust code can be trashed by an operating system update. As programmers, we must remember that many of our end users are less computer literate than ourselves. We must do our best to make their lives easier and also protect them to the best of our abilities. regards, gerry (lowry)
gerryLowry
Hi Gerry, I will look for a certificate that I've bought around a year ago and see when it came from and how it was used... anyhow - the only thing that it is good for is to avoid your users to see a security question when installing the app... (the users that don't know what it is worth probably don't know how to inspect it anyhow.. they trust the os to do that for them)
Dani
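
The difference between a self-made and a purchased certificate discussed in the answer and comments above, as an added example that is not part of the original thread. It assumes Windows 10 / Server 2016 or later with PowerShell 5.1+; the subject name, file name and script content are constructed for the demo.

```powershell
# Added example: sign a file with a self-signed code signing certificate and
# see how Windows rates the signature. Subject and file names are constructed.

# 1. Create a throwaway self-signed certificate of type "code signing".
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
    -Subject 'CN=Example Self-Signed Publisher' `
    -CertStoreLocation Cert:\CurrentUser\My

# 2. List the certificates in the personal store that Windows accepts for
#    code signing. The filter looks at the certificate's Code Signing usage,
#    not at the kind of file you intend to sign.
Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Format-Table Subject, Issuer, NotAfter, Thumbprint

# 3. Sign a sample script (constructed content) with the new certificate.
$file = Join-Path $env:TEMP 'signing-demo.ps1'
Set-Content -Path $file -Value 'Write-Output "hello"'
Set-AuthenticodeSignature -FilePath $file -Certificate $cert | Out-Null

# 4. Validate the signature the way the operating system does.
#    Status is 'Valid' only when the chain ends in a root this machine trusts,
#    which is what a CA-issued certificate provides and a self-signed one
#    does not (unless its certificate is added to the trusted stores by hand).
$sig = Get-AuthenticodeSignature -FilePath $file
$sig | Format-List Status, StatusMessage,
    @{ Name = 'Signer'; Expression = { $_.SignerCertificate.Subject } }

# 5. Clean up the demo file and certificate.
Remove-Item -Path $file
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)"
```

The signature itself is cryptographically the same in both cases; only the trust decision on the end user's machine differs.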