Leaderboard

I had a terrible experience with Certum - I bought a sim and card reader from them for testing Signotaur - however I didn't purchase a certificate - I can test with self signed certificates - however they refused to provide the pin to the card because I didn't purchase a certificate - rendering it completely useless. I do not recommend them at all.

All will be done online with a little program to download (they provide all links and docs during the process). You should receive the box soon. When received, if Certum hasn't responded after 2 days, don't hesitate to tell support so that they can start the control procedure. When I renewed late this year, everything was done in less than 5 working days (I reused the token I received the year before).

I have no idea of the procedures used by certificate authorities with dongles. But technically, the end user creates a certificate signing request using the private key in the dongle, that is sent to the CA that creates a certificate with the details and public key from the CSR and signs the new certificate that is returned to the purchaser and is loaded back into the dongle. The CA is not allowed to see or keep private keys, in the past millions of certificates have been cancelled when a CA was found to kept private keys it issued online. In practice, to make life easy for purchasers they want to ship a dongle with a new private key and certificate loaded, which is effectively a manual process, someone needs to plug the dongle into a PC or appliance and run an app to do it all. Thus the horrible cost. Angus

I bought an EV certificate yesterday from Certum ( @Patrick PREMARTIN talked about it in a previous post) obviously on physical media (USB Reader + SIM). And they confirmed to me that the SIM is "virgin", it will be written with the certificates once it arrives in my possession and after confirmation of the header data. Again, with each update (I will do it after three years) both the public and private key will be lost because everything will be overwritten. Now I await delivery and the subsequent activation processes. I don't know if the "writing" and activation process will be online or if they will send me something.

When I looked at it, it also forced us to use Entra ID for 2 factor authentication - which pushed up the price considerably - if I were using Azure for anything else it wouldn't be a big deal - but I'm not.

It's not that bad for the lower tiers but I was more comparing the premium tier (i.e. more than one certificate) @ $1200/year against something like Signotaur @ $200/forever.

The CSC are available only on physical token or by a cloud hosting solution like Amazon HSM (https://aws.amazon.com/fr/cloudhsm/). If a provider tells you an other thing, it talks about an SSL certificate or it's not a real CSC provider. The less expensive I've found is Certum. I use them since two years. If you choose the token they send a USB SIM card reader (not compatible with Windows ARM) and a SIM for the storage. After that the certificate is delivered directly to the token by a Java app. The PIN code is needed for each signature. If you choose the cloud CSC you will have to use a Java app each time you sign to allow access to the certificate. Other provider has physical keys which need or don't need the PIN for each signature. Check before ordering. If you try Certum, order here : https://certum.store/data-safety/code-signing-certificates.html Choose the "Standard code signing" in the cloud or set (the box with SIM+card reader) depending on what you need.

This should be: Options := TNSMutableDictionary.Create; This should be: Options.setObject(TNSColor.OCClass.whiteColor, NSObjectToID(NSWorkspaceDesktopImageFillColorKey)); Since setObject takes pointer parameters, for both. The rest should follow the same rule. Incidentally, there's loads of examples of using an NSMutableDictionary in the Delphi source (as well as in Kastri)

Yes, it's just what we needed.

Sure you can copy a certificate from a token, the certificate is also in every program you sign. But the token keeps the certificate private key secure so it can not be copied, shared or stolen, which means you can only sign code with the token, which actually handles the sign operation, the private key never leaves the token. There are ways to remotely sign code using the cloud or remote servers, suggest reading https://www.finalbuilder.com/resources/blogs/code-signing-with-usb-tokens Microsoft also has a remote signing solution https://learn.microsoft.com/en-gb/azure/trusted-signing/ Angus

I can see that at both ssl.com and signmycode.com you can buy a code signing certificate without a token. I don't know how they then deliver it. As far as I can tell codesigningstore.com also offer that option but J.F.C they're expensive! $566 for a 1 year EV certificate without a token. The same costs $299 at signmycode or $349 at ssl.com. Btw, don't believe their claim of 1-5 days to issue an EV certificate. It takes at least double that - and a clonable DNA sample from your firstborn.

I haven't done code signing before, can you use any certificate for it? Would one of these people work? https://www.gandi.net/en/security

Ok, thats great. So let me elaborate: When you have found out what native functions are used in Objective-C to get the wanted result, then you can search the source code of Delphi for those functions. This will tell you exactly what function to call in Delphi to access the feature. Its of course nice to be able to get help here in DelphiPraxis, but its even better if you know how to find the solution on your own - and its much faster 🙂

I've done that! It was a very long time ago, to obtain a shiny "City & Guilds" certificate 🙂 (that's a UK kind of post-school, practical skills examination board).

Final version of my eBook Delphi Event-based and Asynchronous Programming has been released - 291 pages. You can find more information and purchase option at: https://dalija.prasnikar.info/delphiebap/index.html Thanks to all of you who purchased the incomplete pre-release version (179 pages) of my eBook! After a minor delay, the full version is here! You can download it through the same PDF/epub/mobi links that you have received earlier from FastSpring via email. The subject line of that email message was: "Your Delphi Event-based and Asynchronous Programming - Part I Delivery Information". If you have any problems, feel free to contact me via the contact form on my site. Thanks again! Happy Holidays to you all!

Paperback edition of the book has been released. There is 50% discount for paperback edition for everyone who buys eBook edition. If you have already purchased the eBook version, and wish to buy the paperback, you're also eligible for a 50% discount! You can find instructions at: https://dalija.prasnikar.info/delphiebap/index.html

Not yet, as we have a backlog of other projects that piled up in the meantime. I had COVID and the earthquake hit the region again on December 29. None of this helped my keep my planned schedule. I do plan to release paperback eventually, but can't tell exactly when.

Thanks! About the delay... the final release was originally planned for December 11, but I had a minor accident on November 30, and ended up in ER, where I also tested positive for COVID! In less than a week whole family got infected. We all had mild symptoms and were left at home with no treatment., but living was pretty hectic for most of the following two weeks... Anyway, we managed to release it about 16 days later than expected (I already had a lot of it written before, just not fully ready for release) I would say that all this is behind us, as it is... but as you may have heard it... Croatia got hit by major earthquake today. This one was 50km from Zagreb where we're located, but it was 30 times stronger than the one that hit Zagreb in March. After 6.2 by Richter scale, local Nuclear Power Plant (Krsko) was shut down, and power is all but stable, which is why I may not be online as regularly as before in the coming days!