The tool for signing fonts is free (provided by Microsoft; see http://www.microsoft.com/typography/developers/dsig/default.aspx for more information). But I don’t know of any free Certificates, and that is the critical bit required for applying a digital signature to fonts.

Do a search for Authenticode Class III Code Signing Certificate; that is the specific variety required for signing fonts (this type of Certificate is not limited to use on fonts, but other types will not work). There are several vendors (known as Certificate Authorities), including Thawte and Verisign.

I’m not sure what you consider “reasonable”; my experience with this tells me to be prepared to spend around $100/year or so, maybe more, maybe less depending upon the specific vendor. Generally Certificate Authorities will offer discounts for multi-year purchases so if you’re in it for the long haul it may be worth doing that. Again, be sure you are getting a Class III Code Signing Certificate and not an SSL Cert or some other type.

It is possible to create a self-signed Certificate for free; the tool set provided by Microsoft allows you to do this and there are instructions in the DSIG toolkit for doing this. A self-signed certificate behaves more or less the same as a regular Certificate, but since it is not issued by a Certificate Authority, it will not be considered “trusted”, even if it is valid. But it is a good way to learn about the process of signing fonts, do dry runs, etc.

Josh

Thanks, I will do the search.

Regards,

DH

Hey Josh,

As I understand, the certificate must be purchased for a year or more.
I got an offer from Thawte as follows:

We do offer a Microsoft Authenticode Code Signing Certificate.

The Microsoft Authenticode Code Signing Certificate has a 1 and 2 year validity period.

Please find the pricing below:
1 year: US$299
2 year: US$549

Please use the link below to enroll for the Microsoft Authenticode Code Signing Certificate:
http://www.thawte.com/ssl-digital-certificates/code-signing/index.html

Can you think of a cheaper Certificate provider?

Regards,

DH

searching for “Code Signing Certificate” brings up some intresting stuff.

code singing - It’s Cheaper and Easier than You Thought

—astype.de—

Beginner’s Guide to Digitally Signing OpenType Fonts

Is this Required yet?

Cheers!

I am pretty sure it is not required yet, but I remember long ago that the idea was tossed around of eventually requiring a DSIG. As far as I know, the only difference today (even under Vista) between signed fonts versus unsigned is the font file icon (and extra information in Properties). But it’s not hard to imagine it becoming more restrictive and invasive, much in the way applications have become.

Andreas, thanks for the link...looks like TUCOWS (reselling Comodo) is pretty much the cheapest way to go.

”...the idea was tossed around of eventually requiring a DSIG.”
That there would qualify as an understatement.

Cheers

Thanks - TUCOWS is the address indeed.

Regards,

DH

CAcert will offer code signing certificates soon. It’s a free service and worth the suppot. www.cacert.org.

—astype.de—