Code signing certificates to require 3072-bit keys
Starting from May 27, 2021, 3072-bit RSA keys for code signing certificates, including EV, will be required.
Code Signing and Code Signing EV certificates will require longer 3072b keys. They will be automatically changed during their renewal. CA certificates will be updated also and issued with a 4096b key. This change is required to comply with the highest security standards and does not affect already issued certificates and created signatures. These remain trusted.
What does this mean for our customers? It will be no longer possible to use the current 2048b CSR request. A new one will be needed – and it can be generated directly in the customer administration. Owners of EV certificates on a token will receive a new token as a part of the renewal process, because the current token may not support the new key usage.
More information and the oncoming CA certificates are to be found in the article Code signing changes in 2021.
