I have read all the blog posts on digital signing and checked out GoDaddy, Thawte and a couple of others. All of these say that you need to be a registered company and have official documentation and proof of incorporation etc.
I don't have any of that - I am a Sole Trader based in Australia who runs a social network (PokerDIY.com) for poker players, and now I am releasing a free app (PokerDIY Tourney Manager) and I need to let users type whilst in fullscreen mode (it's almost ironic that I am doing all this just for this). So I am looking into digitally signing my .xap so that I can run in elevated trust whilst OOB. In legal eyes I am just a hobbyist developer.
So I have a couple of questions that I would like answered before spending $100 on a certificate that I might not be able to use:
1) Can I buy a SL code-signing certificate as an individual? (Jeff Wilcox's blog (which is the most useful I have read on this matter for developers in my situation) seems to imply that you can and the Ksoftware site (https://secure.ksoftware.net/code_signing.html) seems to imply the same.) However this leads to Q2:
2) Can this be used commercially - i.e. if I decide to charge for my app (it's available globally for free but I will probably have an ad-free version at some point) - can I use this individual certificate that I purchased?
3) And can I register it to PokerDIY (my domain name) which is NOT a registered company. I would rather not register it to my full real name - this would look odd to a user if it said - PokerDIY Tourney Manager - Publisher: My Name. This is probably the most important as I am doing this all for the perception of being a reputable entity.
There's really not much info out there on this and I don't want to make a mistake when it comes to $100 for a year's cert! (I won't go into how annoying it is to have to pay to release a free app just so people can type in fullscreen mode ;)
Thanks!
Yes, you can sign as an individual and use it for any purpose, including commercial purposes, with companies such as KSoftware - but the larger providers like Thawte will not allow just an individual to do so. I do not know the specifics for Australia, however, so there could be regional differences, different companies, or other restrictions specific to your situation.
Your publisher name (your actual name) will appear in the elevation dialog for the Silverlight application. So it may look less professional to some, but it will still serve a purpose of providing a code signing certificate and some level of assurance for your customers.
But understand that your name and the address you provide for verification will be present in that certificate for anyone to see (answers your 3rd question).
Authenticode signing certificates don't actually match to a site such as your domain - they only verify the code signer - so you can use it with any site.
A good option for you might be to self-sign your app. This doesn't require a third party, and so no yearly fee.
You can also distribute a trusted XAP without signing it at all, but you won't be able to update it via the Silverlight updating mechanism.