Microsoft recently launched Trusted Signing in Public Preview, a fully-managed end-to-end signing solution for developers backed by a Microsoft-managed certification authority.
Trusted Signing, the signing service formerly known as Azure Code Signing, offers developers a robust and secure signing process. It allows developers to sign public and private trusts and provides a timestamping feature. Trusted Signing ensures a fast and efficient signing process on Windows, fortified by advanced security features such as Smart App Control and SmartScreen, providing developers with the confidence that their signed code is secure.
Trusted Signing not only provides a secure signing service, but also makes it easy for developers to manage their certificates. With secure FIPS 140-2 Level 3 HSMs, it handles short-lived certificates and seamlessly integrates with popular developer tools for signing, such as SignTool.exe, GitHub, and Visual Studio experiences for CI/CD pipelines. The signing process involves digest signing, ensuring both confidentiality and speed. The service also supports various certificate profile types, including Public Trust, Private Trust, and Test, with additional types in development, all while utilizing Azure role-based access control.
Enabling the service is straightforward. Developers can create a resource group within their Azure subscription. From there, they can create a Trusted Signing account within the resource group. This account comprises two primary resources: an Identity validation and a Certificate profile. Furthermore, developers have the option to choose between two types of accounts: a Basic SKU or a Premium SKU.
A high-level overview of the Trusted Signing resource structure (Source: Microsoft Learn documentation)
In response to a LinkedIn post by Scott Hanselman, Matthew Joughin, a co-founder and software architect at Adaptable Apps, commented:
Can’t tell you how happy this makes me - it’s sorely needed! Question: are the plans to support signing on Linux and macOS too? Then, it really would be the one-stop shop for esigning.
Trusted Signing offers two pricing options- basic and premium accounts. The basic account, priced at $9.99 per month, includes 5,000 signatures per month. After reaching the quota, each additional signature costs $ 0.005. The premium account, priced at $99.99 per month, consists of 100,000 signatures per month, with the same price per signature after reaching the quota. Both accounts offer public and private signing, with the premium account providing more certificate profile types. It's worth noting that a free initial Public Preview release is available until June 2024, giving developers a chance to try out the service at no cost.
More details on the service are available on the documentation landing page.