Information about Comodo Code-Signing
I don't know if this pertains to most customers, but it would have
been useful to have this information about individual orders on the
order page.
The non-EV certificates can be purchased as an individual (e.g., not a
company). This requires a different validation method, which entails
having a notarized "face to face verification"
https://support.comodo.com/index.php...ification-form
If you want an EV certificate, the individual option is not possible.
I'm having a frustrating time, trying to get my Dun and Bradstreet
record to become available "globally". It's been weeks now. So now I'm
going to try a personal order.
Comodo uses https://www.upik.de/en/ to look up the record. I have been
checking it every day, and their captcha is frustrating as heck (find
the cars, find the store front, find the traffic lights). If your
record isn't there, you are SOL. It doesn't matter if you can
successfully look it up on dnb.com.
Jeff Slarve
www.jssoftware.com
Ones and Zeros are my Heroes
Re: Information about Comodo Code-Signing
Also, does the Non-EV certificate really support kernal-mode signing?
This page seems to specify that an EV certificate is required for
that.
https://docs.microsoft.com/en-us/win...sta-and-later-
Jeff Slarve
www.jssoftware.com
Ones and Zeros are my Heroes
1 Attachment(s)
Re: Information about Comodo Code-Signing
Hi Jeff,
> Also, does the Non-EV certificate really support kernal-mode signing?
>
> This page seems to specify that an EV certificate is required for
> that.
this is from their "previous" website (see attached screenshot).
Friedrich
Re: Information about Comodo Code-Signing
Jeff,
> I don't know if this pertains to most customers, but it would have
> been useful to have this information about individual orders on the
> order page.
Thank you for your suggestion! Information added.
http://www.lindersoft.com/order_codesigning.htm
Friedrich
Re: Information about Comodo Code-Signing
On your website its got:
Note 1: since the private key is stored on the hardware token, for
security it cannot be copied or exported to create a PFX file
Does this means its being stored in the Intel CPU's like this?
https://www.intel.com/content/www/us...-security.html
Do you know if it only works with Intel CPU's or are AMD cpu's
supported and do you know if removing the Intel Management Engine which
some consider to be a HW backdoor would bugger up this hardware token
storage?
With the github code released about removing the Intel Management
Engine I have not see anything talking about it affecting certs that
might be stored on the cpu but that could be for a number of reasons
including not realising the certs are stored in this part of the CPU,
or it could just be malicious code designed to tank a cpu which isnt
cheap.<g>
https://github.com/corna/me_cleaner
https://gist.github.com/CHEF-KOCH/af...09497d136996df
https://github.com/bartblaze/Disable-Intel-AMT
--
Richard
--
Richard
Re: Information about Comodo Code-Signing
Richard,
I think there is no Intel CPU involved. The E-Token is some kind of secure
USB flash drive.
Friedrich
Re: Information about Comodo Code-Signing
This is all I can really find about eToken.
https://en.wikipedia.org/wiki/Aladdi...ity_management
https://safenet.gemalto.com/multi-fa...p/etoken-pass/
So it appears that only the comodo EV certs are stored on these etoken
dongles, the std certs are not.
https://support.comodo.com/index.php...g-certificates
I wonder how these etoken dongles work, ie do they use the USB bus
still which can be sniffed using Portmon to capture serial data or
https://desowin.org/usbpcap/ to capture raw usb data.
It might be fun to see what secrets can be given up with these etoken
dongles.<g>
--
Richard
--
Richard
Re: Information about Comodo Code-Signing
Hi Friedrich -
Not to make more work for you, but:
1. I would remove this from "Note 2" under EV, as it is misplaced: 'It
requires a different validation method, which entails having a
notarized "face to face verification"'.
2. Under the "Standard", I would put this note: 'Note: Individuals are
able to purchase standard code signing certificates, but it entails
the use of a different validation method than done for companies. See
<a
href="https://support.comodo.com/index.php?/Knowledgebase/Article/View/903/0/face-to-face-verification-form">here.</a>.
Jeff Slarve
www.jssoftware.com
Ones and Zeros are my Heroes
Re: Information about Comodo Code-Signing
Hi Jeff,
I agree. Changed! Thank you :-)
Friedrich
Re: Information about Comodo Code-Signing
> The non-EV certificates can be purchased as an individual (e.g., not a
> company). This requires a different validation method, which entails
> having a notarized "face to face verification"
> https://support.comodo.com/index.php...ification-form
>
> If you want an EV certificate, the individual option is not possible.
I notice that in the declaration in the document linked above, it says in part..
"Declaration Made by Applicant According to Comodo's _Extended Validation_ Certificate Requirements"
So that sounds like it is _for_ EV certs...
I am also wondering if this works outside the US, especially wrt "Confirming Persons"?
Has anyone any knowledge or experience...?
Thanks.
John Newman
Software Partners Australia
C11