DELOL Sovereign Self-Signed Digital Certificates

DELOL3 Sovereign Self-Signed Certificates

The New Standard for Strengthened Self-Signed Certificates

DELOL Sovereign Suite helps you create your own “Digital Passport” (a Certificate) that you can use to sign your documents (such as docx, pptx, pdf, etc.) and software, proving they really came from you and haven’t been tampered with.

DELOL Sovereign Self-Signed Certificates strengthens the self-signing process. By taking the industry-standard X.509 format and injecting it with Factorial Entropy, we turn a simple label into a Mathematical Proof of Lineage. It is the professional bridge between “untrusted” placeholders and “expensive” public rentals.

DELOL 3.0 Tutorial

What is a Self-Signed Digital Certificate?

In the physical world, you use a handwritten signature to prove you agree to a contract. In the digital world, we use Digital Certificates.

  • For Common Users: Usually, “Big Tech” companies issue these IDs. A Self-Signed certificate means you are your own authority. It allows you to protect your personal PDFs, Word documents, and emails with a tamper-proof seal without needing to pay a third-party subscription. It’s your independent “Digital Seal.
  • For Developers: It provides a way to sign code, scripts, and applications for internal or private distribution. It ensures that your users (or your own systems) can verify that the code hasn’t been modified by a malicious “middle-man” after you compiled it.

Why “Standard” Self-Signed Isn’t Enough?

For developers, architects, and high-stakes consultants, a standard self-signed certificate is often treated as a mere “text label.” It lacks the mathematical depth to prove actual origin and remains vulnerable to identity spoofing.

DELOL's Digital Sovereign Empowered By Identity Standards (PEN & OID)

Every DELOL Sovereign Self-Signed Digital Certificate is anchored to the official IANA PEN 64963 arc. This ensures your identity is distinct and compliant with global standards.

The DELOL Strength: Three Layers of Integrity

1. The Factorial Entropy Seal (The DNA)

We inject a unique 256-byte binary seal directly into the certificate vessel at OID 1.3.6.1.4.1.64963.2.1. This ensures your identity is mathematically unique and unforgeable, even if subject metadata is identical. This seal is part of a structured hierarchy that defines your Sovereign identity:

  • Lineage OID (1.3.6.1.4.1.64963.1.1): Proves the certificate’s entropic attestation seal originates from the Cybrent Technology Solutions (OPC) Pvt. Ltd. enterprise arc
  • Purpose OID (1.3.6.1.4.1.64963.1.2): Defines the specific functional intent of the certificate within the DELOL suite
  • Attestation OID (1.3.6.1.4.1.64963.2.1): The secure container holding the Factorial Entropy Seal, acting as the cryptographic DNA of the file

2. Hybrid-RSA Stitching (The Bridge)

Your strengthened certificate is fully compatible with standard tools like Microsoft SignTool and OpenSSL. By exporting to a PFX format, you get the best of both the world’s Private Security and Global Compatibility.

3. Audit-Ready Verification

Unlike standard checks that only verify expiration dates, our DELOL Verifier performs a “Deep-Tissue Scan” to ensure the identity hasn’t been hijacked or altered. It confirms the RSA Key Pairing between the signature and your unique Private Map.

Professional Utility Comparison

This comparitive analysis matrix explains how DELOL Soverign Standards empower, enhance and strangthen the current Self-Signed Digital Certificates which you use for your personal and private signing of documents, assets and non-production code.

Feature Standard Self-Signed Strengthened DELOL Sovereign  Self-Signed
Identity Proof Text-based Mathematical (Factorial Entropy)
Trust Factor Triggers “Unknown” Ownership Provides Lineage Proof through OID
Compatibility Basic Full Windows/Office Integration (Through PFX)
Verification Surface-level Deep-Tissue OID Audit
Cost
 Free Free
Standard Self-Signed Certificate V/S DELOL Sovereign Self Signed Certificate
Standard Self-Signed Certificate Properties V/S DELOL Sovereign Self Signed Certificate Properties

Steps To Generate and Install DELOL Sovereign Self Signed Certificates

Phase 1: Certificate Generation

Generating certificate generally needs a tedious command line exercise. However I have made it simple to generate a DELOL Soverieign Self-Signing Certificate through intuitive CLI:

  1. Post installing the DELOL Sovereign Suite, you will get these utilities, viz. DELOL-Certificate-Gen.exe, DELOL-Certificate-Verifier.exe and DELOL-PFX-Generator.exe
  2. Run the first tool delol-certificate-gen
  3. You will be asked for Subject’s (the person) full name, Organisation and Email Address, along with the duration of the certificate
  4. The tool generates the DELOL Encryption Private Key (.pvt), the Certificate’s RSA Private Key (.key), and the Certificate (.crt)

 What are the different DELOL Sovereign Certificate Files?

  • The Certificate (.crt) or Your Public Identity: The CRT file is your Digital Passport. It contains your identity details (Name, Organization) and your public key. However, unlike a standard certificate, it is physically embedded with a Sovereign Watermark (the Factorial Entropy Seal) that proves the certificate was issued by your unique DELOL Security. This file is shared publicly through the artefacts you sign.
  • The Private Key (.key) or Your Master Seal: This key file is the Master Lock for your identity. It is a standard RSA PKCS 8 key that allows your certificate to be recognized by Windows, servers, and browsers. This file should never be shared at any cost.
  • The Sovereign Data (.pvt) or Your Factorial DNA: This pvt file is exclusive to the DELOL Encryption Suite. It stores your raw Permutation Map, which is the 256-byte sequence of unique entropy used to create your seal. This is the unique advanntage you get over the standard self-signed certificate – the double protection (or the kernel of this certificate which remains unbreakable even if the outer RSA encryption gets broken). This file too should never be shared at any cost.
DELOL Certificate Generator

Phase 2: Certificate Verification

Once you have generated the certificate, you can verify it’s integrity according to the DELOL Entropy Validation. The verifier’s job is to check whether the CRT carries the Sovereign Seal. The Certificate Generator injects the Factorial Entropy Seal directly into the .crt file using a custom OID (Object Identifier).

When the verifier opens the .crt, it reads this custom OID field to see your unique 256-byte entropy. It doesn’t need the .pvt file because the result of that entropy (the seal) is already physically written into the certificate. This means yoou do not have to share the secret .pvt or .key files with those who want to verify the validity of your self-signed certificate.

To verify the DELOL Sovereign Self-Signed Certificate, you will need to run the DELOL-Certificate-Verifier.exe while performing these steps:

  1. Run the delol-certificate-verifier from the same directory where you have generated the .crt file (to avoid providing the complete path to the certificate file)
  2. Provide the correct name of the .crt file
  3. It will scan the file and will display the Certificate’s properties along with the unique DELOL Enropy Signature

DELOL Certificate Verifier - Checking Non-DELOL Certificate
DELOL Certificate Verifier - Checking DELOL Certificate

Phase 3: Generating the PFX file

What is a PFX File?

PFX stands for Personal Information Exchange (also known as PKCS#12). It is a single, password-protected vault that bundles your public certificate and your private key together. These are the factors:

  • The Bundle: It contains your Public Certificate (the .crt), which identifies you, and your Private Key (the .key), which proves you are the owner of that identity.
  • The Security: Unlike raw .key files, a PFX is encrypted with a password. This ensures that even if the file is intercepted, your private keys, and your DELOL Sovereign lineage remain protected.

Why do we need to generate the PFX File?

The PFX file is the bridge between the Digital Certificate and the Windows operating system. Windows tools like signtool.exe cannot use a separate .crt and .key file. They require a PFX because it proves the signer has both, the identity as well as the authority in a single verified package.

A PFX allows you to move your Digital Identity between machines safely. You can generate your identity once on a secure development machine, export it as a PFX, and then import it into your build server or another workstation using a password.

The PFX file is the final, ready-to-use version of your DELOL Sovereign Digital Self-Signed Identity. By combining your Sovereign Certificate with your RSA Private Key into a password-protected container, the DELOL Soveriegn Self-Signed Certificate Suite provide you with a high-assurance tool for signing software, encrypting communications, and establishing a trusted presence on any Windows system.

Think of the CRT as your ID card and the KEY as your signature, while the PFX is the official leather wallet that keeps them safe and valid for use.

How to generate the PFX file?

The DELOL-PFX-Generator too is a user friendly tool which is intuitive, unlike other comand line tools which need you to provide lengthy arguments through the CLI. However this tool can only generate .pfx file from valid DELOL Sovereign .cer file.

  1. Run delol-pfx-generator from the same directory where the generated certificate files
  2. Provide the correct .cer and associated .key files at the prompt
  3. You will be asked to provide the password which will be used for protecting the PFX during it’s use during signing the assets

 

DELOL PFX Generator

Phase 4: Certificate Installation

After generating the PFX file, it’s now time to import it into the Personal Certificates list of the Windows Certificate Manager. The screenshots below show the sequence of importing the PFX and CRT into the Windows Certificate Manager.

 

Windows PFX Import

Windows PFX Import

Windows Certificate Selection

Windows Certificate Selection

PFX Import Location

PFX Import Location

PFX Import Final

PFX Import Final

PFX Import Security

PFX Import Security

CRT Status

CRT Status

CRT Import Trusted

CRT Import Trusted

Frequently Asked Questions (FAQ)?

What is a DELOL Sovereign Self-Signed Certificate?

A DELOL Sovereign Self-Signed Certificate is a high-assurance digital identity tool that combines standard RSA encryption with a proprietary 256-byte Factorial Entropy Seal. Unlike generic self-signed certificates, it embeds a unique mathematical watermark into a globally recognized IANA Object Identifier (OID), establishing a verifiable “Sovereign Lineage” for software and data.

How does the Factorial Entropy Seal of DELOL Sovereign Self-Signed Certificates differ from standard encryption?

Standard certificates use random noise for entropy, which can be inconsistent. The DELOL Seal is derived from a 256! (factorial) Permutation Map. This creates a mathematical complexity larger than the number of atoms in the known universe, ensuring your digital signature is uniquely tied to your specific authority and cannot be replicated by standard brute-force tools.

Why do I need a PFX file for my applications?

A PFX (Personal Information Exchange) file is a secure, password-protected container that bundles your Public Certificate (.crt) and Private Key (.key). It is the industry-standard format required by Windows SignTool and other deployment environments to prove that the software publisher is verified and the code hasn’t been tampered with.

Is the OID 1.3.6.1.4.1.64963.1.1 field found in DELOL Sovereign Self-Signed Certificate safe to disclose?

Yes. This field represents the Lineage OID within the Dhayfule Ethical Lineage Oath Language (DELOL) framework. An OID (Object Identifier) is a public address in a global hierarchy, similar to a street address. Disclosing it confirms that your certificate is registered under the IANA Private Enterprise Number 64963 (assigned to Cybrent Technology Solutions (OPC) Pvt. Ltd.) and follows international standards (RFC 9371). The security lies in the Factorial Entropy Seal contained within that address, not the address itself. To verify the information visit https://www.iana.org/assignments/enterprise-numbers/?q=64963

Can I use DELOL Sovereign Self-Signed Certificates to remove the "Unknown Publisher" warning?

Yes. Once the DELOL Sovereign Self-Signed Certificate (CRT) is installed on a Windows system, any software signed with your generated PFX will be recognized as coming from a Verified Publisher. This replaces the red “Unknown” warning with a trusted digital signature, significantly increasing user confidence.

Is DELOL Sovereign Self-Signed Certificate a replacement for Public Certificate Authority (CA)?

No. It is a strengthened enhancement of standard self-signed certificates for private ecosystems, internal tools, and peer-to-peer professional exchanges where public web-trust (browser recognition) is not required.

Can DELOL Sovereign Self-Signed Certificates be used for signing legal documents?

No. You cannot use DELOL Sovereign or any Self-Signed Certificates for signing legal documents. For that purpose you will have to strictly use the Certification Authority (CA) authorized Digital Signature Certificates (DSC).

Does it require an internet connection for using DELOL Sovereign Self-Signing Certificate Suite?

No. True to the Localized Vigilance vow, both the strengthening and verification happen entirely offline, ensuring your private map remains within your control.

Sovereign License & Terms of Use

The DELOL Sovereign Suite is distributed as a proprietary security tool under the following legal framework:

  • Identity Protection (Section 66C, IT Act 2000): The IANA Object Identifier (OID) arc 1.3.6.1.4.1.64963 is the registered unique identification feature of Pravin Dhayfule representing Cybrent Technology Solutions. Unauthorized use of this OID in digital artifacts generated outside of the DELOL environment is a punishable offense.
  • Proprietary Protocol: The DELOL Stitching Protocol and Factorial Entropy Seal logic are protected Trade Secrets. Reverse engineering or unauthorized replication of the “Stitching” method is strictly prohibited.
  • Verification Authority: The DELOL Verifier is the sole forensic arbiter of authenticity. Certificates failing the Entropy Seal Check are officially classified as Generic/Counterfeit, stripping them of any legal or technical association with the DELOL Sovereign lineage.

By downloading or using these tools, you agree to abide by the Sovereign Lineage standards and acknowledge the proprietary nature of the IANA PEN 64963 Arc.

Technical & Legal Disclaimer

By downloading, installing, or using the DELOL Sovereign Digital Certificate Suite, you acknowledge and agree to the following conditions.

1. Scope of Utility & Non-Replacement

  • The DELOL Sovereign Suite is a specialized tool designed to add a proprietary security and sovereignty layer to standard self-signed certificates.
  • It is NOT a replacement for Standard Self-Signed Certificates used in general computing.
  • For use within India: It is NOT a replacement for Digital Signature Certificates (DSC) issued by Licensed Certifying Authorities (CAs) under the Controller of Certifying Authorities (CCA), Government of India. This tool does not provide “Class 2” or “Class 3” statutory signatures.
  • International Notice: This tool is not a substitute for “Qualified Electronic Signatures” (QES) as defined under eIDAS (EU/UK) or statutory credentials required by ESIGN/UETA (USA) for official government or legal filings.

2. Prohibition on Public & Web Use (SSL)

These certificates are engineered for Sovereign Identity Anchoring and are NOT intended for use as Web SSL/TLS Certificates. They will not be inherently trusted by public browsers for HTTPS traffic, and using them for external, public-facing services may result in “Untrusted Connection” warnings and security risks.

3. Restriction to Private & Internal Environments

The application of DELOL Sovereign Certificates is strictly limited to Internal, Private, or Closed-User-Group (CUG) environments.

  • Legal & Government Documents: Users must refrain from using these certificates to sign legal contracts, government filings, or documents requiring statutory compliance under the IT Act (e.g., Income Tax filings, MCA filings).
  • Regulatory Compliance: Users outside of India are responsible for ensuring that the use of these certificates complies with their local electronic signature and cryptography laws.

5. No Certification of Content (The Vessel vs. The Cargo)

Neither Pravin Dhayfule nor Cybrent Technology Solutions (OPC) Pvt. Ltd. nor the OID Hierarchy in the DELOL Sovereign Self-Signed Certificates, certify what is signed by a DELOL Sovereign Self-Signed Certificate.

The tool’s role is strictly to provide a security and sovereign layer for empowering the standard Self-Signed Certificates.

We do not validate, audit, or vouch for the identity of the person using the tool or the truthfulness of the data being signed. The user assumes 100% responsibility for the Subject and Issuer information provided during generation.

Get DELOL 3.0 Sovereign Suite Installer

DELOL 3 Sovereign Suite is available as set of command line tools. This link will lead you to our secured cloud server from where you can download the installer in form of Zip package.

Contents of the package include:

  1. DELOL-V3-Sovereign-Setup.exe (the secured local installer)
  2. DELOL-V3-Sovereign-Setup.exe.sha256 (the associated hash key for the installer)
  3. PRAVIN_DHAYFULE_DELOL.cer (the DELOL Sovereign Certificate used for signing the installer as well as the installed tools executables)
Download

Take Control of Your Digital Sovereignty

In an era where standard security warnings often hinder innovation, the DELOL V3.0 Sovereign Suite offers a path to absolute digital autonomy. By bridging the gap between industry-standard RSA compatibility and proprietary 256-byte Factorial Entropy, it provides more than just a self-signed digital certificate. It delivers a mathematical lineage, that is uniquely and indisputably yours.

Whether you are a developer seeking to eliminate “Unknown Publisher” warnings or an organization requiring hardware-independent data shielding, DELOL Sovereign Suite ensures your identity is anchored in a globally registered, immutable framework. Don’t just secure your data, but also establish your authority.

Feel free to Contact me for other queries around DELOL 3. You might also want to check out the parent project of this suite – DELOL File Shielding and Data Protection Suite.