checkdigits / w10Sep5th2019IanBCode

This repo contains the slides from Ian Barker's Embarcadero webinar "Top Windows 10 features you can add to your VCL applications" broadcast on September 5th 2019.
https://about.me/IanBarker

Code Signing - Info #1

Open chambers120GMail opened 5 years ago

chambers120GMail commented 5 years ago

Hi Ian, loved the presentation as all of yours! I'm not finding the code signing certificate web sites of our options for checking on. I'm interested in the least cost as I develop on a hobby level for my church and funds are limited. Thanks! Charlie

checkdigits commented 5 years ago

Hi Charlie, for code signing I'd recommend that the cheapest I've found is here at K Software https://ksoftware.net/code-signing-certificates/

You'd need an "OV" certificate which costs around $89 for the USA. I'm not sure what prices are in other countries but they're about the same. I have both UK and US clients who have used K Software. Comodo (https://www.comodo.com) are the actual certificate authority who produce those certificates. The subsequent year renewal prices are discounted and therefore cheaper.

I can't be sure but there may be discounts and similar schemes for non-profits although I've not been down that route myself. I know you don't get any discount for individual developers compared to corporates since I've done both. 😄

As an individual developer you'd need to take proof of ID to a notary - in the US most UPS stores do this for a nominal amount around $5. When you order the certificate Comodo will send a series of emails telling you what to do and how to get the proof to them via a secure online process. It's fiddly stuff but not difficult; I think I might have had to send a redacted copy of my passport too.

For corporate and charity certificates Comodo can usually carry out the necessary ID checks automatically via publicly available information and databases such as D & B.

Good luck - feel free to add comments to this if you have any further questions about the process or email me directly for specific questions about your certificate if you go ahead and get one.

chambers120GMail commented 5 years ago

Wow! Thanks so much for the speedy reply! I know you get a ton of email and postings so I appreciate your efforts toward my question. It sounds best and most efficient that I apply in the church's name and publish with it as it's all free work on their behalf and I am not looking for compensation. I assume that if the program/code is of value then the church can decide on payment if they thought it had value/merit in its sale to other churches.

checkdigits commented 5 years ago

Yes I think that's the best way to go about it. I assume they have some sort of legal entity like an LLC or similar charitable structure which will mean they appear in a database somewhere which should make the approval process much more straight-forward than doing it in your own name. For corporates, first time certificates take about 1 - 2 business days to set up.

You'll end up with an approval email which will tell you how to collect your certificate - it will need to be the same PC from which you made the original request and - shock horror - it may insist you use Internet Explorer to collect it. This will give you a file ending in ".p12" which is your actual code-signing certificate. Most tools, Delphi included, need you to use a certificate ending in ".pfx" - make a copy of your .P12 certificate and then simply rename the file extension to ".pfx"; they are exactly the same file at the binary level! Make sure you make notes of the passwords you use to create the initial certificate file as you'll need to use them again.

After that you can sign your apps with the code certificate. For ".exe" apps you can use the tool from KSoftware or the Microsoft tools. For APPx format apps you just put the details into the relevant place in the Delphi IDE as shown in the webinar.

BTW - thanks for your kind comments, I really appreciate them. Delphi really is my super-power and being an MVP means I get to spread that concept around a little to other developers. 😃 👍
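
The copy-to-.pfx and signing steps described in the comment above, as an added PowerShell example (not part of the original thread or the webinar code). It uses PowerShell's built-in Authenticode cmdlets rather than the K Software tool; all three parameters are values you supply, and the timestamp URL is assumed to be one your certificate authority publishes.

```powershell
# Added example: copy a collected .p12 to .pfx, check it, sign an .exe, verify.
param(
    [Parameter(Mandatory)] [string]$P12Path,       # file collected from the CA
    [Parameter(Mandatory)] [string]$TargetExe,     # binary to sign
    [Parameter(Mandatory)] [string]$TimestampUrl   # your CA's timestamp server
)
$ErrorActionPreference = 'Stop'

# .p12 and .pfx are both PKCS#12 containers, so a plain copy is enough.
$pfxPath = [System.IO.Path]::ChangeExtension($P12Path, '.pfx')
Copy-Item -LiteralPath $P12Path -Destination $pfxPath

# Prompt for the password so it never lands in the script or shell history.
$password = Read-Host -Prompt 'Certificate password' -AsSecureString
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
    $pfxPath, $password)

# Sanity checks before signing: private key present, not expired,
# and the Code Signing enhanced key usage (OID 1.3.6.1.5.5.7.3.3) is set.
if (-not $cert.HasPrivateKey) { throw 'The file contains no private key.' }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }
$eku = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
$canSignCode = $eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.3' }
if (-not $canSignCode) { throw 'Certificate is not valid for code signing.' }

# Timestamping keeps the signature verifiable after the certificate expires.
Set-AuthenticodeSignature -FilePath $TargetExe -Certificate $cert `
    -HashAlgorithm SHA256 -TimestampServer $TimestampUrl | Out-Null

# Verify the result instead of trusting that the signing call succeeded.
$sig = Get-AuthenticodeSignature -FilePath $TargetExe
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed: $($sig.Status) $($sig.StatusMessage)"
}
if (-not $sig.TimeStamperCertificate) {
    Write-Warning 'Signed, but no timestamp was applied.'
}
"Signed by: $($sig.SignerCertificate.Subject)"
```

Keep the .p12/.pfx files off shared drives and out of source control; anyone with the file and its password can sign as you.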

chambers120GMail commented 5 years ago

Thanks again for the additional info. I also want to thank you for the "heads up" on running two monitors and using a vertical mounted monitor you showed in code rage 12 - I think. I have a good friend in the UK (IT & Delphi programming) that I help a bit from time to time with "lower level" (custom components, etc.) issues. Your presentations always remind me of my conversations with Steve and the good time and camaraderie we have shared over the years. Thanks for all your help! BTW: I went on GitHub and viewed the video - fantastic of the app developed with Delphi encourages me even more!