We are in the process of developing a Cryptographic Service Provider (CSP) and a Key Storage Provider (KSP) which are implemented as Dynamic-link libraries (.dll). The final product needs to be digitally signed in order for Windows to accept and use our implementations.
I read on MSDN that developers used to send an email to email@example.com
and request that Microsoft do the signing. I sent an email to them, requesting more information about the process, but haven't received any feedback in about three months.
I figured an alternative would be to buy a "Code Signing certificate for Microsoft Authenticode" from a trusted CA, such as Symantec, and use that to sign the appropriate files ourselves. Would this be possible? I am just not sure whether it is permitted that security products, such as CSPs and KSPs, can be signed by the developers themselves and whether Microsoft wants to look at the implementations first.
Can anyone shed some light on this?