The granularity of Digital Certificates

We all know how painful, cumbersome and complex a process it is to obtain a digital certificate to sign your code (both binaries and source code). The Certificate Authorities have had over 20 years to create a customer-friendly process to obtain and manage certificates, but they didn’t. Most software publishers, therefore, obtain one or two certificates and sign all their products, across all…


Developers unite against the expensive and cumbersome code signing certificates!

We could write this blog post in my favorite Windows text editor, Notepad++. And I bet millions of other users would agree with me when I say: this Notepad++ project is simply amazing. The open source project Notepad++ has been used for over a decade by developers, system administrators, support engineers and many more people who want to edit all kinds of text knowing that Notepad++ will support…


The Code Signing Certificates' Journey of Pain: The Saga Continues

Incredibly, after nearly 3 weeks of back and forth, we finally found a way to get the certificate approval process going. Our CPA (to approve our phone number) has been called, and our office has been called as well. You can’t choose what number they call; they check it online using DUNS or other services. During the automatic call, you need to write down a code, click on a link the CA provider…


CodeNotary released today!

I am proud to announce that vChain is releasing CodeNotary v0.3.2 today. This is CodeNotary's first release to the public and, after months of engineering efforts, we all feel super excited about the progress we have made to get to this point. CodeNotary disrupts the whole digital certificates industry by making the code signing process simple, instant and cheap. Over the past few weeks, we have…


Can we really trust PDF documents signed electronically?

Over the past year, we’ve embraced the electronic signature for digitally signing PDFs. Insurances, banks, and even the government gave legal validity to electronically signed PDFs. Today, everyone thinks that an electronically signed PDF is tamper-proof. Unfortunately, it is not! A few months ago some security researchers ran an experiment on that. The researchers, from the German Ruhr…


Avoid the Digital Certificates' Journey of Pain

Moshe and Dennis co-founded vChain out of their frustration with digital certificates. As most people reading this blog post will surely agree, digital certificates are a constant source of pain and hassle. Why do we need to sign our code with a digital certificate? The process of getting a digital certificate for code signing is best described as extremely cumbersome and time-intensive.…


The beginning of the end of digital certificates

Internet pioneer Netscape adopted the SSL protocol back in 1994. This triggered, in turn, the beginning of supposedly secure connections encrypted by digital certificates. However, digital certificates quickly reached their limits when people started to apply them to digital assets such as code, binaries, and files. Can you trust software signed with a digital certificate? Digital certificates do…


Hackers distribute malicious software signed with legitimate digital certificates

Every day, an increasing amount of malware signed with legitimate digital certificates is getting downloaded and installed, putting millions of internet users at risk. Buying a legitimate certificate on the dark web for a few hundred dollars and using it to sign malware, which is then deployed to download websites ranked higher than the original download site, is extremely easy. So is fooling a…


Are Google Search and digital certificates enough for software trust?

Today, when you try to download a well-known application you are more than likely to find dozens of download links. Some of those links hide dangers. The increasing amount of malware and malware-injected software signed with legitimate digital certificates should worry the whole internet community; as of today, there are no options to protect users from these attack vectors. How can you be…