On Wed, Jul 27, 2005, coco coco wrote: > Hi, > > Sorry if this is a bit OT, can someone explain what is the difference > between > an MS Authenticode certificate, a normal certificate, and a certificate > for signing Netscape object? > > What are the bits and bytes that are different? I can't find info > detailed enough to give a satisfactory answer, and I don't feel > like spending money to get an authenticode cert and a netscape > cert just to find that out :) > > What's so different between authenticode certificate and netscape > certificate that you can't use the same key and certificate to sign > both your windows-based software and your java stuff? >
I looked at this some time ago so this may not be up to date... There wasn't anything special about an authenticode certificate provided you didn't set the extensions to specifically exclude the usages. So a "vanilla" CA and EE certificate are sufficient. The root CA also has to be added and trusted for code signing in the Windows certificate stores. The certificates you get from CAs not intended for authenticode generally aren't usable, normally because the root CA isn't trusted for code signing and occasionally because the extended key usage doesn't allow it either. Netscape object signing used to also require that the netscape certificate signing extension and its object signing bit set. If this extension was not present then it couldn't be used. I'm not sure if that's still the case since netscape certificate type is largely obsolete. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
