<div class='os_post_top_link'><a href='http://www.windowsfordevices.com/news/NS7011211027.html' target='_blank'>http://www.windowsfordevices.com/news/NS7011211027.html</a><br /><br /></div><i>"GeoTrust has expanded its Smartphone Credentials code signing service to include privileged certificates for Windows Mobile device environments. Software vendors use digital certificates to sign, or authenticate, the code they provide to wireless carriers and to protect end users against malicious code tampering, according to the company. GeoTrust code signing certificates allow developers to add their "digital signature" to code before it is submitted or transmitted over a network. When issuing code signing certificates, GeoTrust says it verifies that the developer is tied to a legitimate organization and that the individual is authorized to sign code on behalf of that organization."</i><br /><br />GeoTrust is now offering both privileged and unprivileged certificates at the same price and in blocks of <i>signing events,</i> without any expiration date. More information can be obtained on the GeoTrust's <a href="http://www.geotrusteurope.com/products/smartphone_signing/index.asp">Web site.</a> It looks like their pricing for 10 signing event is 25% lower than VeriSign's package and is priced at $295.

Wow, $295 for 10 eh?! That's still pretty expensive. It's nice to see a little competition, but I think that price needs to come down some more before this changes the market place (in terms of the number of companies signing applications).

What makes this price even worse, is the stupid "signing events" calculation. For one of my applications (which consists of 6 DLLs and an EXE) this sums up to 8 signings events (one more for the CAB) for each release. As my application must be updated every 2 to 4 weeks in order to ensure compatibility the cost is simply a total killer.

So, I rather prefer to tell my customers to ignore that "this is probably unsafe" prompt on installation, which they are already used to, anyway.

Unless this "signing event" pricing isn't dropped in favour of a cheap annual flat rate, code siging simlpy isn't an option to consider at all.

You pay per file?! That's crazy. 8O

I had totally forgotten that the signing event meant individual file. :twisted:

I believe they still require you to submit the CABs, exes and dlls thru a website for signing, is that immediate or do you have to wait?

It is per file and it is as close to immediate as you can get. The biggest pain is that you upload each file manually instead of say, using some HTTP post method so it is all manual. For me it takes about 20 minutes to do all the uploading/downloading and signing for a release and it's all manual and potentially error prone as they don't check if all the files in the CAB are signed so if you forget one you have to start all the way over and you get no credit.

Kenny.

Eeek..why can't they let the developers use SignCode.exe style application to sign the files themselves?

In our development team at work, once we have purchased the digital signature/certificate, we can sign the CAB and installers (MSI) ourselves. I can do it any number of times. Why can't it be done for the mobile apps? And why does the mobile world have to deal with a signing event counter?