The Microsoft Office 2000/Visual Basic Programmer's Guide is a rich source of documentation on many critical aspects of operation, including how to sign a project digitally. If you obtain an Authenticode certificate, you can digitally sign Word, Excel, PowerPoint, and Outlook VBA projects so that they do not display the macro warning message even when security is set to high.
Figure 14-5 shows a pair of warning messages. The top one appears for unsigned documents with VBA projects. The bottom one appears for documents with signed projects before they are trusted. You cannot add a digital signature to the trusted list directly—you must select the Always Trust Macros From This Source check box and enable the document's macros. Thereafter, all documents bearing that source's digital signature are trusted, and no macro warning messages appear for properly signed VBA projects from that source.
Figure 14-5. A typical macro warning message for an unsigned document and a warning message for the first document from a new digitally signed source.
NOTE
Authenticode verification works only on workstations that run Internet Explorer version 4 or later. Workstations running an earlier version of Internet Explorer or a different brand of browser will not have the Authenticode verification software installed on the workstation.
Authenticode technology relies on public-key cryptography to sign software publications, such as VBA projects. When an author saves a file, the Authenticode software performs a hashing operation to create a "digital fingerprint" for the document and encrypts the fingerprint with the author's private key. When a recipient receives the document, the Authenticode software attempts to decrypt the fingerprint with the matching public key and verify it. Documents that pass this process can be opened without the macro warning message. Others bring up the message. If another user modifies the VBA project and saves it, the save removes the digital signature, so a warning message will appear the next time someone tries to open the file.
To digitally sign a VBA project, you must first obtain a valid digital certificate. There are three ways to do this. The first way is to create your own with the Selfcert.exe utility that ships with Office 2000. This is appropriate for personal testing or for a small workgroup. The second way is to obtain a certificate from your organization's internal certification authority. This is appropriate for an enterprise or for a major enterprise and its suppliers. The third way is to obtain a digital certificate from a commercial certification authority. This is a good general solution.
The digital signature applies strictly to the VBA project and not its associated Office document, such as a workbook. This allows a user to modify a worksheet without affecting the signature, but not the associated VBA project. To sign a project, select it in the Project Explorer window of the VBE window. Then choose Digital Signature from the Tools menu. The first time that you use the certificate, select the certificate and click OK twice. Otherwise, just click OK.
The following pair of procedures shows how to determine whether a workbook file is digitally signed. The procedure callIsDSigned calls the function isDSigned twice. In the first call, callIsDSigned passes along the name for the current file. In the second call, callIsDSigned shows one way of gathering a file name from the user and passing it along to isDSigned. Since a workbook must be open to determine whether it is digitally signed, callIsDSigned opens the file with the name input by the user.
    Sub callIsDSigned()
        Dim myName As String

        'Check whether current workbook is digitally signed.
        myName = Application.Workbooks(1).Name
        isDSigned myName

        'Prompt user for workbook name and
        'check whether that workbook is digitally signed.
        myName = InputBox("Type name as filename.xls", _
            "Programming Microsoft Access 2000", myName)
        'InputBox returns an empty string if the user cancels.
        If Len(myName) = 0 Then Exit Sub
        Workbooks.Open myName
        isDSigned myName
    End Sub

    Public Function isDSigned(fileName As String) As Boolean
        'VBASigned is True when the workbook's VBA project is signed.
        isDSigned = _
            Application.Workbooks(fileName).VBASigned
        If isDSigned Then
            Debug.Print fileName & " is digitally signed."
        Else
            Debug.Print fileName & " is not digitally signed."
        End If
    End Function
The isDSigned function stores the return value of the VBASigned property and then branches to one of two print statements based on that value. The property is set to True if the workbook is digitally signed. You can use similar code to determine whether Word documents and PowerPoint presentations have been digitally signed. (The precise syntax for opening a file varies across applications, but Word and PowerPoint also support the VBASigned property.)
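The same VBASigned check can be applied to a whole folder of workbooks rather than one file at a time. The following is an added example, not code from the book; it assumes Excel as the host, and the names auditFolderSignatures, folderPath, and xlsName are hypothetical.

```vba
'Added example: reports the signature status of every .xls file in a folder
'and returns the number of workbooks whose VBA project is not signed.
Public Function auditFolderSignatures(ByVal folderPath As String) As Long
    Dim xlsName As String
    Dim wb As Workbook
    Dim unsignedCount As Long
    Dim oldEvents As Boolean

    'Make sure the path ends with a separator so Dir and Open get full paths.
    If Right$(folderPath, 1) <> "\" Then folderPath = folderPath & "\"

    'Suppress Workbook_Open and other event handlers in the inspected files.
    oldEvents = Application.EnableEvents
    Application.EnableEvents = False
    On Error GoTo cleanUp

    xlsName = Dir(folderPath & "*.xls")
    Do While Len(xlsName) > 0
        'Open read-only without updating links; the file is only inspected.
        Set wb = Workbooks.Open(Filename:=folderPath & xlsName, _
            UpdateLinks:=0, ReadOnly:=True)
        If wb.VBASigned Then
            Debug.Print xlsName & " is digitally signed."
        Else
            Debug.Print xlsName & " is not digitally signed."
            unsignedCount = unsignedCount + 1
        End If
        wb.Close SaveChanges:=False
        Set wb = Nothing
        xlsName = Dir
    Loop

cleanUp:
    'Reached on normal completion as well as on error.
    If Err.Number <> 0 Then Debug.Print "Stopped: " & Err.Description
    If Not wb Is Nothing Then wb.Close SaveChanges:=False
    Application.EnableEvents = oldEvents
    auditFolderSignatures = unsignedCount
End Function
```

Because a signature is removed whenever someone else modifies and saves the VBA project, a workbook that was previously reported as signed and now appears in the unsigned count is worth a closer look.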