Forum Discussion
Codesigning with ECC certificate (rather than RSA) - works with SmartScreen?
Hi Leigh_Marble,
thank you for the extremely good and detailed answer.
Microsoft SmartScreen doesn't provide detailed public documentation on the specific cryptographic algorithms or certificate types it supports (at least I cannot find it - especially for ECC).
But, from my experience and in general, SmartScreen is designed to work with standard code signing certificates, whether they use RSA or ECC algorithms.
As you mentioned, Extended Validation (EV) certificates, which have a more rigorous validation process, are important for the increase of the reputation of the signed applications.
The documentation you found about ECC algorithms does not directly apply to Windows Defender SmartScreen (another area of the Windows Defender infrastructure).
Your issue is specific because involves the interaction of your application with Microsoft's security options so I recommend contacting the Microsoft Support directly. The should be able to see if the problem is on the backend or on the frontend side.
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it Like.
Kindest regards,
Leon Pavesic
(LinkedIn)
Hi LeonPavesic , Leigh_Marble
SmartScreen will pop up only with Sectigo and Certera (formally Sectigo) EV ECC certificates, ignoring EV certificate reputation.
The work around is to order certificate on SafeNet, but not on Yubikey, where RSA 4096 is not available.
The issue is well known among certificates resellers, however instantly declined by Microsoft and Sectigo.
DigiCert and SSL.COM EV ECC certificates are working as expected, it could be a good option if you already have Yubikey FIPS device purchased.
Best regards,
Vitaly