Different code signing cloud service — unlimited signing count

ZoTrus Code Signing Cloud Service is the first and currently the only code signing cloud service in China that provides cloud signing service. ZoTrus Technology, in conjunction with CAs, provides high-quality, fast, and localized signing services for users in the Chinese market. The signing keys are hosted in FIPS-certified HSM devices, which meet the requirements of CA/Browser Forum and WebTrust certification, follow the Cloud Signing API standard released by Cloud Signature Consortium.

ZoTrus code signing cloud service has the following unique technical and service advantages, and welcome to choose it:

  • Without uploading the code to be signed, the signing tool software automatically submits the HASH value of the file to be signed to the ZoTrus Cloud Signing Service System in the cloud. After the digital signature is completed, the signing tool software writes the signature data.
  • There is no limit to the number of signed files, and do not charge based on the number of signed files; only the submission speed is limited.
  • Free signing tools are provided, enabling manual and batch signing via DOS command line.
  • Free timestamp service is included; users can choose other CA timestamp services.

Code signing and code signing certificate basics

Code signing is a method of digitally signing files, programs, or software updates using X.509 certificates to ensure that the files or software have not been tampered with or corrupted. It provides users with an extra layer of protection, ensuring the software code is trustworthy and secure. Software developers digitally sign their software programs, applications, and drivers using code signing certificates to prevent unauthorized parties from tampering with or corrupting applications. Unsigned applications are easily modified to include malware or viruses; these untrusted applications display warning messages, leading to lower installation rates. Code signing certificates issued by CAs trusted by Windows can prevent all these problems.

Users can choose from three code signing cloud services: IV Edition, OV Edition, EV Edition. Each edition corresponds to a different code signing certificate. The signing uses of each edition are shown in the table below. Please select the appropriate code signing cloud service based on your needs for digitally signing different types of code files, such as: .sys, .cat, .exe, .dll , .cab, .ocx , etc. XML, .jar, .apk , .arx , .air, .airi , .xap , Office VBA , etc.

Functional requirements
EV Edition
OV Edition
IV Edition
Automatically configured code signing certificate type
EV code signing certificate
OV code signing certificate
IV code signing certificate
The operating system (Windows) allows installation
Microsoft Windows Hardware Driver Certification
Signed Windows 10 and later drivers
Signed pre-Windows 10 drivers (Win7/Win8)
Instantly gain Microsoft SmartScreen reputation
Suitable for individual software developers without a registered company

Given that quantum computing will be able to quickly crack digital signatures implemented using traditional cryptographic algorithms in the future, international standards organizations have set a timeline to shorten the validity period of code signing certificates to 450 days (one year and three months) since March 1, 2025. This means that from March 1, 2025, users will only be able to purchase one-year code signing certificates. The validity period of SSL certificates will also be shortened to 47 days, reflecting this trend towards shorter validity periods for code signing certificates. Therefore, it is recommended that users purchase code signing cloud services, where they don't need to worry about the validity period of the code signing certificate, but only need to purchase the required validity period of the code signing cloud service.