Code Signing Tool

In my previously post I put in a nice word for COMODO Code Signing Certificate. In this blog entry I will introduce the tool, SignGUI to digitally signing solutions in an easy and smooth way.

SignGUI is a graphical front end for Microsoft’s SignTool.exe console utility. It’s free and can be downloaded from Briggs Softworks.

The following screen shot is rather self-explanatory and that’s all required in order to sign a solution. It’s also possible to create a template file that can be reused:

If I was to summarize these two blog entries about buying certificate and signing with digitally certificate it would be with two words: affordable and easy. What more can we require?

Kind regards,
Dennis

Update 07/27/2011:
K Software has released a free code signing tool, kSign, that is not depended on signtool.exe or signcode.exe. It’s available at the following URL for download: http://codesigning.ksoftware.net/

COMODO Code Signing Certificate

During the last couple of years security has become more important. Today it plays a central role in many businesses around the world. As external consults we must be aware of it but perhaps more important is that we support it in a way that actually add more security to their business.

Through the years I have strongly advocated that all kind of software solutions should be digital signed with a Code Certificate. In that way customers know that the solutions come from secured and trusted vendors. After all, who wants to download and install softwares from “unknown”?

Within the online Excel developer community it still has not yet become a de facto standard to digitally sign any add-ins or individual workbooks with a certificate.

From what I can understand it’s related to the following:

• It’s too expensive to buy.
• It’s too difficult to configure and use a digital certificate.
• “My customers don’t require it.”

I will start with the last item on the list. If the customers are not aware of it it’s difficult to require it, right? So instead of making a (wrong) conclusion I instead suggest that You try to educate the customers about software security in general and more specific about digitally signing of solutions. Personally I would appreciate it very much if an external consultant gave me an introduction to security.

The second argument is also something that can easily be fixed. It actually exist good guidelines and if we just follow them we would manage to both configure and use the digital certificate.

Finally the price level, for years many Excel developers say it’s too expensive to buy which also become a defence for not taking it seriously. At least, that’s my impression.

For years ago there existed a few vendors that wanted US$ 400 per year for a Code Signing Certificate. But time changes to the better even in this case. Today it exist several more vendors who offer a far better price than what many Excel developer claim it costs today.

To sum up, the list of “excuses” is no longer valid as I believe it exist an attractive solution for all of them.

Recently I found a new vendor who offer COMODO’s Code Signing certificate for a very attractive price. On the vendor’s site they also offer tools to be used with the Code Signing Certificate and also guidelines or link to guidelines on how to use certificate. And top of it, the vendor offers an excellent support.

I suggest You take a closer look at K Software‘s site which can be found at the following URL:

http://codesigning.ksoftware.net/

And as You will note when visiting their site; they explicit target small businesses.

Kind regards,
Dennis

Ps: I have no commercial interest in K Software’s business. My opinion about them is only from a very satisfied customer.