LiveChat

Close

chat

ComodoSSLstore Loading

How Does EV Code Signing Work?

Extended Validation Code Signing adds a layer of security to the signing process

By now you know that EV Code Signing is the only way to get instant Application Reputation from Microsoft SmartScreen. But how does it work? Let us walk you through the process—from validation to signing.

Extended Validation

You purchase and order your EV Code Signing certificate just like any other code signing certificate, but the validation is a bit more intensive. Not unlike with EV SSL, Comodo is going to put your through a rigorous vetting process to ensure that you are legally registered entity operating in good faith. If that all sounds like a lot—it isn't. And company or organization with up-to-date registration information will cruise through validation.

Friendly Tip: Need help with validation? We've got you covered. Our SSL experts are available 24/7 to help you navigate the validation process.

An Added Layer of Security

When your EV Code Signing certificate is issued, the private key is physically mailed to you on an external hardware token. This protects against unauthorized access. A compromised private key can be used to sign malicious software, which would crater your reputation across all browsers. By storing your private key on an external hard drive, it prevents anyone from illegally accessing it on your network. It turns a digital security issue into a physical security issue—and that's much easier to manage.

Walk Me Through the Signing Process

Hashing

After your software is created, you hash it. This hash lets users know whether or not the software has been tampered with. If the download doesn't produce the correct hash value, the browsers know it has been compromised.

Signing

Now it's time to insert your external hardware token and use your private key to digitally sign and timestamp your software. This lets the browsers know who published the software and whether to trust it or not.

Download

After the software is hashed, signed and timestamped, it can be posted for download. Whenever a customer tries to download it, their browser will know who published it, whether to trust it and if it's been tampered with.

Get Trusted by Microsoft SmartScreen

The biggest advantage to Extended Validation Code Signing is that it affords you instant Application Reputation in Microsoft SmartScreen. Read that again: Instant Trust. After undergoing extended validation, Microsoft views you as a reputable, upstanding company. That means more conversions. It means expanding your customer-base by as much as 25% (based on Microsoft's market share). Can you afford to leave that on the table?