[{"data":1,"prerenderedAt":96},["ShallowReactive",2],{"$kqlZ7H7fqFC0j":3},{"code":4,"status":5,"result":6},200,"OK",{"blocks":7,"objectives":83,"title":90,"subheading":91,"intro":92,"related":93,"browser":94,"description":95},[8,15,20,25,29,34,38,42,46,50,54,58,62,66,70,75,79],{"content":9,"id":12,"isHidden":13,"type":14},{"level":10,"text":11},"h2","Three Validation Tiers of Code Signing Certificates","b099d220-720f-4035-bf33-7051ffde2d9f",false,"heading",{"content":16,"id":18,"isHidden":13,"type":19},{"text":17},"\u003Cp>All \u003Ca href=\"/ssl-certificates/code-signing\">code signing certificates\u003C/a> work the same way: a private key is used to sign a hash of the provided executable, and the corresponding public key (which is embedded in the certificate) allows others to verify that signature. The difference between the three certificates lies in how thoroughly the \u003Ca href=\"/learning/ssl/what-is-a-certificate-authority\">Certificate Authority (CA)\u003C/a> verifies the identity of the entity that holds the key.\u003C/p>","907520ec-e038-4c0a-92de-25aef74cdb7a","text",{"content":21,"id":24,"isHidden":13,"type":14},{"level":22,"text":23},"h3","Individual Validation (IV)","023eafb4-8309-492a-af5f-d8605b053e6a",{"content":26,"id":28,"isHidden":13,"type":19},{"text":27},"\u003Cp>The lowest level of \u003Ca href=\"/learning/code-signing/what-is-code-signing\">code signing\u003C/a> validation is Individual Validation. IV certificates are issued to a named person rather than to a registered business or another type of entity. The CA typically verifies the applicant’s identity via government-issued photo ID, but doesn’t check for organisational registration.\u003C/p>\u003Cp>\u003Cstrong>IV certification is a good fit for:\u003C/strong>\u003C/p>","ee42cd9f-d3c2-4a6c-b955-0190129d485b",{"content":30,"id":32,"isHidden":13,"type":33},{"text":31},"\u003Cul>\u003Cli>\u003Cp>Sole developers publishing software under their own name\u003C/p>\u003C/li>\u003Cli>\u003Cp>Open source maintainers who wish to sign releases with their own personal identity\u003C/p>\u003C/li>\u003C/ul>","1afc857a-c6aa-406e-b66b-20447fc77a5f","list",{"content":35,"id":37,"isHidden":13,"type":19},{"text":36},"\u003Cp>Validation requirements usually stop at the requirement to provide a government-issued photo ID.\u003C/p>","38f27747-3fb9-4ec6-b083-e71da5c652af",{"content":39,"id":41,"isHidden":13,"type":14},{"level":22,"text":40},"Organisation Validation (OV)","af0b1157-dce0-42e4-9f1b-90c60178ee51",{"content":43,"id":45,"isHidden":13,"type":19},{"text":44},"\u003Cp>\u003Ca href=\"/verokey/secure-code-signing-certificate\">Organisation Validation (OV) certificates \u003C/a>are issued to registered businesses or legal entities. In this case, the CA checks that the organisation in question is a registered entity, confirms its address, and verifies that the person requesting the certificate is authorised to act on the entity’s behalf.\u003C/p>\u003Cp>The signed binary shows the organisation’s verified name, giving end users a clear, accountable identity to evaluate. \u003C/p>\u003Cp>\u003Cstrong>OV certificates are a good choice for:\u003C/strong>\u003C/p>","2f3d6a59-064b-4954-8168-b475614ccb52",{"content":47,"id":49,"isHidden":13,"type":33},{"text":48},"\u003Cul>\u003Cli>\u003Cp>Software companies\u003C/p>\u003C/li>\u003Cli>\u003Cp>Independent software vendors (ISVs)\u003C/p>\u003C/li>\u003Cli>\u003Cp>IT teams looking to sign internal tooling\u003C/p>\u003C/li>\u003Cli>\u003Cp>Entities looking to sign code in a way that displays their verified organisation name\u003C/p>\u003C/li>\u003C/ul>","8b86a77d-6b22-4295-b63c-e63bfabbc0b7",{"content":51,"id":53,"isHidden":13,"type":19},{"text":52},"\u003Cp>Validation requirements include business registration documents, organisation-level address verification, and an authorisation check for the applicant.\u003C/p>","aa0707c5-388a-4cb8-a008-010f25cb3e9c",{"content":55,"id":57,"isHidden":13,"type":14},{"level":22,"text":56},"Extended Validation (EV)","f33f9109-270c-4b3f-af4d-cdd1481e0a12",{"content":59,"id":61,"isHidden":13,"type":19},{"text":60},"\u003Cp>\u003Ca href=\"/verokey/ev-code-signing-certificate\">Extended Validation (EV) certificates\u003C/a> undergo a rigorous identity check that goes well beyond that of OV or IV certificates. In this case, the Certificate Authority verifies the legal existence, physical address, and operational status of the entity seeking the certification, as well as the applicant's authority. This process can take several days from start to finish.\u003C/p>\u003Cp>Strict validation requirements, however, come with important practical \u003Cstrong>advantages for the holder of the EV certificate\u003C/strong>.\u003C/p>","ad5b3719-dcbf-4138-97b3-3877dfceebec",{"content":63,"id":65,"isHidden":13,"type":33},{"text":64},"\u003Cul>\u003Cli>Faster \u003Ca href=\"/learning/code-signing/unknown-publisher-warnings\">SmartScreen reputation build-up\u003C/a>, whereas it may take longer for non-EV certificates to accumulate download history and earn a positive reputation.\u003C/li>\u003Cli>Ability to sign kernel-level code (e.g. drivers, security software, etc.).\u003C/li>\u003C/ul>","54d59d2f-bd8f-4360-bda9-ea9080ce02c8",{"content":67,"id":69,"isHidden":13,"type":19},{"text":68},"\u003Cp>Validation requirements include a full legal, operational, and presence verification of the entity. This is a multi-day process.\u003C/p>","1070a9e4-13ad-49b0-9bf5-b1e122148ba1",{"content":71,"id":73,"isHidden":13,"type":74},{"text":72},"\u003Ctable width=\"100%\" border=\"0\" cellspacing=\"2\" cellpadding=\"5\">\n  \u003Ctbody>\n    \u003Ctr>\n      \u003Cth bgcolor=\"#EBEBEB\" scope=\"col\"> \u003C/th>\n      \u003Cth bgcolor=\"#EBEBEB\" scope=\"col\">IV \u003C/th>\n      \u003Cth bgcolor=\"#EBEBEB\" scope=\"col\">OV \u003C/th>\n      \u003Cth bgcolor=\"#EBEBEB\" scope=\"col\">EV \u003C/th>\n    \u003C/tr>\n    \u003Ctr>\n      \u003Cth bgcolor=\"#EBEBEB\" scope=\"row\">Receiving entity\u003C/th>\n      \u003Ctd> Named individual\u003C/td>\n      \u003Ctd> Registered organisation\u003C/td>\n      \u003Ctd> Registered organisation\u003C/td>\n    \u003C/tr>\n    \u003Ctr>\n      \u003Cth bgcolor=\"#EBEBEB\" scope=\"row\">Validation \u003C/th>\n      \u003Ctd> Photo ID\u003C/td>\n      \u003Ctd> Business registration, authorisation\u003C/td>\n      \u003Ctd> Full legal, operational, and physical\u003C/td>\n    \u003C/tr>\n    \u003Ctr>\n      \u003Cth bgcolor=\"#EBEBEB\" scope=\"row\"> Signature shows\u003C/th>\n      \u003Ctd> Individual’s name\u003C/td>\n      \u003Ctd> Organisation name\u003C/td>\n      \u003Ctd> Organisation name\u003C/td>\n    \u003C/tr>\n    \u003Ctr>\n      \u003Cth bgcolor=\"#EBEBEB\" scope=\"row\"> SmartScreen status\u003C/th>\n      \u003Ctd> Reputation takes time\u003C/td>\n      \u003Ctd> Reputation takes time\u003C/td>\n      \u003Ctd> Reputation takes time\u003C/td>\n    \u003C/tr>\n    \u003Ctr>\n      \u003Cth bgcolor=\"#EBEBEB\" scope=\"row\"> Kernel-mode signing\u003C/th>\n      \u003Ctd> No\u003C/td>\n      \u003Ctd> No\u003C/td>\n      \u003Ctd> Yes\u003C/td>\n    \u003C/tr>\n    \u003Ctr>\n      \u003Cth bgcolor=\"#EBEBEB\" scope=\"row\"> Hardware key\u003C/th>\n      \u003Ctd> Required\u003C/td>\n      \u003Ctd> Required\u003C/td>\n      \u003Ctd> Required\u003C/td>\n    \u003C/tr>\n    \u003Ctr>\n      \u003Cth bgcolor=\"#EBEBEB\" scope=\"row\"> Issuance speed\u003C/th>\n      \u003Ctd> 1-3 days\u003C/td>\n      \u003Ctd> 1-3 days\u003C/td>\n      \u003Ctd> 3-5 days\u003C/td>\n    \u003C/tr>\n  \u003C/tbody>\n\u003C/table>","513a1770-d395-40af-af98-1ba666bb73c2","html",{"content":76,"id":78,"isHidden":13,"type":14},{"level":10,"text":77},"To Summarize","aa86396f-6778-4838-a6be-73f95544ad44",{"content":80,"id":82,"isHidden":13,"type":19},{"text":81},"\u003Cp>IV, OV, and EV certificates all provide valid cryptographic signatures, with the differences among them reduced to the requesting entity’s level of verification. Feature-wise, EV-level certification offers the most comprehensive set of features and authority, but at the cost of the most in-depth verification; solo developers are likely to be perfectly fine with lower-level IV certification.\u003C/p>","3408341c-89fc-4a55-b660-f7f3910a16b5",[84,86,88],{"text":85},"Identify the differences between three different types",{"text":87},"Understand what each validation level doe",{"text":89},"Know when EV certification is required","Code Signing Certificate Types Explained","OV, EV, and IV compared","Code signing certificates are available in several different types, depending on the specific needs of the entity doing the signing. Depending on whether the entity in question is a driver publisher, a registered business, or a sole individual, and depending on the necessary level of trust, they will have to choose different code signing solutions.",[],"","Compare OV, EV, and IV code signing certificate types. Learn how to secure your software, build instant reputation, and eliminate \"Unknown Publisher\" warnings.",1776830074112]