Split costs for EV code signing cert #155
Comments
I'm looking into getting a certificate through an Austrian company; that process has been started. One major annoyance with the certificate is that it's provided on a hardware dongle, so it cannot be easily shared. About a website, I already have one, https://xanasoft.com, just very not finished at the moment.
I sent you 51 Euro via PayPal to help.
@DavidXanatos If somehow you don't succeed with the Austrian company, there's still Sectigo that makes cheap certs https://www.gogetssl.com/code-signing-ssl/code-signing-ssl/
@deajan The product you linked is a non-EV code signing cert. Microsoft requires an EV certificate which is sold for $350 on that website too. You also need to be a company and have your address and phone number listed in a public directory to get the EV cert.
@NavinF Indeed, forgot about the EV stuff... I myself bought them for my company with thawte for a fairly high price. This is just in case the Austrian SSL stuff won't work.
Here is a list of accepted EV certificate providers: https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/get-a-code-signing-certificate
They state to accept Sectigo EV certificates, sold 300$ on gogetssl ;)
Ah I see gogetssl is just a reseller...
So you would get the cert in your name and send the HW token with it to me?
@DavidXanatos Sectigo does not provide a HW token, it's just a PKCS12 certificate, and yes, my company can be a "name holder" on request, as long as that certificate won't be used outside of Sandboxie (or more generally speaking Xanasoft).
@deajan Ok, thanks for the offer, will keep that in mind just in case 👍 This Sectigo page https://sectigo.com/ssl-certificates-tls/code-signing says "Protects private key from theft via hardware token and PIN" and when you look through the purchase options for the EV cert you must pick a delivery option for the token. It does not look to me as if it would be possible to get the EV cert in a copyable form. I also remember having read that while it is not formally required to provide EV certs on a token, all the CAs offering EV certs supposedly only provide them on/to a token. So would your offer still stand in the scenario that the cert would be on a token?
Hmm if I buy the cert, I can't mail the USB token to you. I'd rather give you ssh and rdp access to a machine in my data center that always has the USB token plugged in.
First one would have to clarify if the token needs any sort of user interaction to operate; usually such devices require either a PIN or at least a single button press to confirm physical presence. Of course that could be mitigated using a remotely controlled robot finger, muhahahahahaha....
Strange, I bought my thawte certificate that runs without any HW dongle on gogetssl reseller 6 months ago. @NavinF I'm already donating every month on Patreon since the beginning, but I happily throw in another 50$
Had a quick chat with gogetssl reps yesterday, indeed, all Sectigo (also includes gogetssl brand itself) provided EV certificates are bound to a hardware dongle. I am not against shipping you that HW dongle, as long as I can revoke the certificate in case of piracy (need to keep my company's name clear in case of trouble), and we sign a usage agreement.
Ok cool :) Cheers
I can buy an EV code signing cert under my company name and sign release binaries. That way, normal users can install and use Sandboxie without jumping through hoops (#95)
$349.00 is the cheapest I could find. Would anyone be willing to split the cost 50/50? If so, I'll go ahead and buy the cert.
I'd also like to make a website to host releases (GitHub is confusing for normal users), but that can wait until we have binaries that work out of the box :)