Trusted Signing addresses the signing issues faced by individual developers by providing a comprehensive and affordable solution. It ensures the authenticity and integrity of code through a modern identity validation process, which is crucial for securing code signing certificates.  

One of the key advantages of Trusted Signing is its cost-effectiveness. Trusted Signing offers two pricing tiers, starting at $9.99/month: Basic and Premium. Both tiers are designed to provide optimal cost efficiency and cater to various signing needs. The costs for identity validation, certificate lifecycle management, and signing are all included in a single offering, ensuring accessibility and predictable expenses. This eliminates the need for individual developers to invest in additional infrastructure and operations required to manage and store private keys securely. 

Trusted Signing Identity Validation Process 

Trusted Signing leverages Microsoft Entra Verified ID (VID) for performing Identity Validation for individual developers. This ensures that developers get VID that lives on the Authenticator app.  The verification process typically involves the following steps: 

1. Submission of Government-Issued Photo ID: The first requirement is to provide a legible copy of a currently valid government-issued photo ID. This document must include the same name and address as on the certificate order.
2. Biometric/selfie check: Along with the photo ID, applicants need to submit a selfie. This step ensures that the person in the ID matches the individual applying for the certificate. 
3. Additional Verification Steps: If the address is missing on the government issued ID card, then additional documents will be required to verify the address of the applicant. 
4. Got an existing VID? Make sure it meets the onboarding criteria for your desired service, and you can effortlessly reuse it across multiple services! 

 This is how a successfully procured VID would appear in Azure portal. 

Best Practices for a Smooth Validation Process 

To ensure a smooth and successful identity validation process, individual developers should adhere to the following best practices: 

• Accurate Documentation: Ensure that all submitted documents are accurate and up to date. 

• Stay Informed: Keep abreast of any changes in the validation requirements or processes. 

Conclusion 

Identity validation is a critical step for individual developers seeking code signing certificates. By understanding the process, preparing in advance, and following best practices, developers can successfully navigate the validation process and secure their code signing certificates. The plan is to extend the same level of robust identity validation process to make Trusted Signing available for organizations incorporated less than 3 years ago.  

Try out Trusted Signing today by visiting the Azure portal.

​Microsoft Tech Community – Latest Blogs –Read More