Why are signing keys so expensive?


I was looking into getting an authenticode signing key recently and am shocked by how expensive they are. This got me thinking -- most kinds of signing keys, whether Authenticode, SSL, etc. -- are extremely expensive.

Is there a technical reason for this that makes it expensive to maintain a CA and generate keys, or does this boil down to simple monopoly economics?

Best answer:

CAs have to invest heavily in security (theoretically) and are also completely reliant on consumer trust, meaning they have a very high risk in their business model (theoretically). They have to undertake stringent audits (theoretically) and handle security incidents promptly and efficiently (theoretically). They need to develop flawless consumer-facing software (theoretically), supply high-availability services (theoretically) and ensure they adequately vet everyone who they supply to (theoretically). They also need to stay abreast of all the latest PKI research (theoretically). In addition, many trust issuers also offer a certain level of insurance services should the certificate's implied trust fail in any way.

So, in theory, there are plenty of good reasons why it could be expensive. There are significant costs associated with running a CA. In reality, since these practices are haphazardly followed and the entire SSL/TLS PKI model has been completely geared towards corporate monopolies, you'll find that the margins are so obscene as to be practically a license to print money. People are forced to pay large sums of money for certificates that do not meet these guarantees at all.

Big CAs can get away with it because they've engineered a political situation in which they are indispensable and are not held to account, as they are 'too big to fail'. In the case of SSL, browsers are dependent on trusting the CAs because so many web servers and their end-users (i.e. the browser's users) use their services. To remove a CA (however legitimate) would be to upset a lot of users who would not understand why a certain percentage of their secure sites (such as banks, shops, etc.) were no longer trusted. In that sense the SSL/TLS PKI model fails to function. Users have no trust in these services, so they offload the responsibility of issuing trust on to the browsers, who pass that on to the CAs; but then the browsers cannot revoke that trust because they will be punished by the users, so the CAs can do what they like.

In the case of code signing this is often simply companies turning their existing monopolies into further profit. In some cases these have a high margin. Others, like Microsoft, are relatively low and reflect the significant cost of hiring an expert to do a thorough audit, as well as running the rest of the department which oversees code signing (such as the web site, support, etc). Since the benefits of ensuring code signing works as intended are high for Microsoft they don't care about making a profit on the act of providing the certificates. The cost reflects the fact they are doing a thorough, meaningful audit and making genuine promises of trust that reflect on their business.