As far as I know, any certificate authority (such as those listed here: https://en.wikipedia.org/wiki/Certificate_authority#Providers) can provide us with a certificate with which we can sign our drivers (and the Windows installation package). When I looked these up to obtain one for my research group last year, according to sslshopper.com, I found that DigiCert was the best rated, and their pricing is middle-of-the-road: 3 Year $178.33 USD / year 2 Year $198.50 USD / year 1 Year $223.00 USD / year We will also need the "full legal name" (and full mailing address & phone number) of our organisation. This name will be what shows up on the UAC and installation dialog boxes. Note that this certificate should be able to digitally sign any software for Windows, Java, Apple, browser extensions, and so on, which may or may not be useful to us later on. So this leaves some open questions: 1) How are we going to pay for this? (Yet another use for possible donations, if/when we open that up) 2) How long do we want the cert? 3) What will our "full legal name" be? I imagine this could be a member of our group who has full intentions of sticking around for the length of the cert, and is comfortable signing our drivers and executables (which I would guess legally means such person is vouching for the integrity and non-maliciousness of the code). However, if we want to make it our "organisation", (CipherShed Inc.? :-P) I fear we don't have a full mailing address and phone number, so...I don't know how we would handle that. Presumably someone could contact the certificate authority and ask how this is done for distributed open-source projects, such as this. Despite these challenges, if we want our software to be trusted and reputable, I think obtaining a certificate with which to sign our drivers and executables/binaries is a must. Alain -----Original Message----- From: ciphershed-bounce@xxxxxxxxxxxxx [mailto:ciphershed-bounce@xxxxxxxxxxxxx] On Behalf Of Stephen R Guglielmo Sent: Saturday, June 14, 2014 10:47 To: ciphershed@xxxxxxxxxxxxx Subject: [ciphershed] Signed System Driver We're going to (eventually) need a certificate issued by a "certificate authority" (I assume that's Microsoft?) to sign the system driver on Windows. Some versions of Windows wont let the driver run unless it's signed. There might be a setting to ignore this, but we shouldn't force all users to change their settings... The certificate is probably unnecessary for the time being. If I'm understanding things correctly, it's only for the system disk encryption, not encrypting non-system disks or using file-hosted storage. I haven't had time to research the process on obtaining a certificate, anyone want to volunteer? :D Thanks, Steve