Why Can Only Certain Browsers Generate Automatic Keypairs?

In the world of PKI and SSL, some certificate authorities use browsers such as Internet Explorer or Firefox to automatically generate keypairs to be used with Email-S/MIME, Code Signing or Client Authentication certificates. Not all browsers have the capability to generate these keypairs, due to licensing restrictions of the <keygen> and ActiveX controls that perform keypair creation in conjunction with operating system restrictions. <keygen>: The HTML <keygen> is a licensed element used to facilitate generation of key material, and submission of the public key as part of an HTML form. This mechanism is designed for use with Web-based certificate management systems. Firefox is able to utilize the <keygen> and generate automatic keypairs because Firefox uses its own keystores that do […]


SHA-1 or SHA-256 for Windows kernel-mode Code Signing

Problem: Windows Vista and Server 2008 trigger a security warning for code running in kernel mode if the code was signed with a SHA-256 Authenticode certificate. The current workaround is to use a SHA-1 certificate. However, SHA-1 is being deprecated. Patched versions of Windows 7 and newer versions of Windows operating systems will trigger a security warning for code signed with a SHA-1 certificate after December 31, 2015. Certificate Authorities such as Symantec/Digicert state that they will still issue SHA-1 Code Signing certificates, but “SHA-1 Code Signing certificates have a max expiration date of December 30, 2019.” and will be discontinued thereafter. Patched Windows 7 and newer versions should be unaffected. Kernel-mode code that is signed with a SHA-256 […]


Digicert EV Code Signing – Installing SafeNet Client Software on Your Computer.

Whether you are providing your own hardware token, or you had DigiCert ship you a secure token with your preinstalled EV Code Signing Certificate, you need to install the SafeNet drivers for your computer to interface with the device. These instructions explain how to install the client software onto your computer after you’ve already received and configured your hardware token from DigiCert. This will allow you to sign applications with your EV Code Signing hardware token on multiple computers. SafeNet Installer. Note: If you don’t have the SafeNetAuthenticationClient.exe, if you’ve lost the option to download the SafeNet Drivers from your account, or if you need help downloading the software, or if you need driver software for other OS […]


Digicert Certificate Utility – Code Signing (Guide)

The Digicert Certificate Utility is probably one of the best certificate encryption tools out on the net. A lot of people become scared of key-pair encryption, but key-pairs/certificates are actually fundamentally easy to figure out. Unlike SSL certificates, code signing certificates perform the function of signing. Code signing certificates create a tamper-proof digital shrink wrap of your application software files and denote to those who download or install the application who created/published it. Some Certificate Authorities may separate their Code Signing products and have different ways to enroll and install. The Digicert Certificate Utility is cross-platform, meaning you can sign the following files with the same certificate: .exe, .cab, .dll, .ocx, .msi, .xpi, .xap, Windows kernel-mode. Java. jre […]


How To Import A Digital ID, Email, or Code Signing Certificate Into A Windows System?

Digital signatures identify/authenticate you as the document signer and allow document recipients to verify that no one has modified the contents of the document since you signed it. Signing, encrypting and reading will vary depending on the applications that are involved. A Digital ID certificate is required to create a digital signature. The most secure Digital IDs are issued by a trusted Certificate Authority. Some of these Digital IDs are on tokens and others are files that are imported into trust stores on your system or application. On Windows operating systems the majority of these applications refer to the User trust stores. Note: The majority of the time Firefox is used to generate Digital ID certificates, but Firefox does not […]


Thawte – Report Code Signing Misuse

Report Code Signing Misuse With Thawte Certificates. If you have encountered software signed by a Thawte code signing certificate that you believe is being used for malicious or harmful purposes, please report it to Thawte using this form. Examples of misuses of a Thawte code signing certificate include but are not limited to: the code acts as “spyware”; the code is included as part of a “phishing” scheme; misleading descriptions in the code; the code is used for “man-in-the-middle” attacks. Thawte code signing certificates are used by software publishers to assure their customers that software they distribute has not been altered or damaged after it is signed. When you accept software signed by a Thawte code signing certificate, you have […]


Symantec – Report Code Signing Misuse

Report Code Signing Misuse With Symantec Certificates. If you have encountered software signed by a Symantec code signing certificate that you believe is being used for malicious or harmful purposes, please report it to Symantec using this form. Examples of misuses of a Symantec code signing certificate include but are not limited to: the code acts as “spyware”; the code is included as part of a “phishing” scheme; misleading descriptions in the code; the code is used for “man-in-the-middle” attacks. Symantec code signing certificates are used by software publishers to assure their customers that software they distribute has not been altered or damaged after it is signed. When you accept software signed by a Symantec code signing certificate, you have the assurance that Symantec has authenticated the […]


How To Export A Certificate From Firefox.

Depending on the circumstance, you may need to export a certificate that has been installed in your browser. Code Signing and Mail Signing certificates purchased from a Certificate Authority (CA) usually use browsers to generate the keypair and install the certificate in the browser. After that, you can export the certificate and distribute it to whoever needs it, or apply it to the signing application that requires it. We will assume that you have successfully installed/picked up or already have a certificate in your Firefox browser. To export/back up your certificate from your Firefox browser, perform the following. Step 1: Exporting your certificate from Firefox: In the upper right of your Firefox browser click  Click Options. In the left pane click Advanced. Under Advanced click […]
