Open Source Code Signing in the Cloud

Are you a programmer or developer and share your software as free to use? Do you share it as open source project?

Secure your software with an Open Source Code Signing in the Cloud certificate, which provides:

Integrity
Elimination of the "Unknown publisher" message
Trust of your software users
Building a Microsoft SmartScreen Filter reputation

Using the SimplySign cloud solution eliminates the need to use a physical card and reader.

Skip to the end of the images gallery

Skip to the beginning of the images gallery

Details

The Open Source Code Signing certificate is a certificate that allows you to digitally sign software. The certificate is trusted by Microsoft and supports building the Microsoft SmartScreen Filter reputation.

By securing your software with an Open Source Code Signing certificate, you can protect your code from unauthorized modification and provide users with the security of the downloaded application.

By signing your code with an Open Source Code Signing certificate, people who download and install your software:

Wil not see “unknown publisher” warnings;
Will be sure that the software comes from a trusted source;
Will be guaranteed that the downloaded program hasn't been modified after its release;
Will be less likely to see the Microsoft SmartScreen Filter screen, which you eliminate by signing the software.

Read about the certificate issuance and usage information, available on the next product description tabs.

Use and benefits

Benefits of the Open Source Code Signing in the Cloud certificate:

Protect your good name and reputation;
Gain the trust of users;
Provide reliable identification of the origin of the software;
Receive a guarantee of the integrity of your applications;
Make the installation of your software easier and ensure that it meets the requirements of the platforms on which it is installed;
Add a timestamp, so that after the certificate expires, your application can still be installed without warnings about the lack of a signature;
Use it from anywhere at any time.

Compatibility:

Trusted by Microsoft, also for building the reputation of Microsoft SmartScreen Filter;
Trusted in Java;
Supports signing using tools installed in Linux/Unix and macOS systems;
Supports signing a number of file extensions, depending on the tool used, including: .exe, .msi, .dll, .jar, .war, etc.

Technical requirements

Requirements:

SimplySign mobile application for Android or iOS device to generate access codes;
SimplySign Desktop application for computer to connect to virtual cryptographic card in the cloud;
Account in the SimplySign cloud, which will be created during certificate activation;
Internet access.

Specification:

Data in the certificate: natural person data prefixed with “Open Source Developer” phrase;
Compliant with the X.509 v.3 (RFC5280) standard;
Signed with RSA SHA-2;
Minimum length of cryptographic keys: RSA 3072 bit;
Key storage: FIPS 140-2 level 3 or CC EAL 4+;
Issued in accordance with the international WebTrustSM/TM standard and CA/Browser Forum.

Note: We inform you that for Code Signing products in the cloud, there is a certificate usage limit of 5000 signatures per month. Exceeding this limit may result in contacting you to inform you of the exceedance and possible blocking of the product in the month in which the limit was used. Please respect the specified restrictions.

Verification

The verification process and documents required to issue a certificate are described in the instructions at: https://support.certum.eu/en/code-signing-required-documents/