|
6.9. Add Digital SignaturesA digital signature identifies the author of the content or the macros contained in a workbook, template, or add-in. You add a digital signature as the last step before you distribute a file. When others open the a signed file they can see who the author is and therefore decide whether the information in the file is authentic and whether any macros it contains are safe to run. The signature is overwritten any time a file is saved. Therefore, no one can open a signed file, make changes, save, then send the file on still bearing your signature. Workbooks and macros are signed separately even though they are contained in a single file. If you want to distribute a signed workbook containing macros, you must sign the macros first, then sign the workbook. 6.9.1. Get a Digital CertificateBefore you can sign a document, you must first get a digital certificate, which is also sometimes called a digital ID or simply a certificate . There are two ways get a digital certificate: create one yourself or purchase one from a Certificate Authority (CA). Self-created signatures are only valid on the machine where they were created, so they are for macros that won't be distributed. CA-created signatures are available from vendors such as Verisign, Inc. and CAcert.org. To create a digital certificate yourself:
As mentioned previously, this certificate is only valid on the machine where you created it. Therefore, its use is really limited to signing macros on your own machine to avoid the security prompt you get each time you open a workbook containing macros you've written. To get a much more useful certificate from a CA, click the link on the Create Digital Certificate dialog box to see a list of commercial CAs, select one of them, and purchase a certificate from there. Some vendors, such as Verisign Inc., offer free trial periods so you can see how certificates work before you buy. 6.9.2. Sign CodeTo sign a VBA project, follow these steps:
Visual Basic keeps track of the certificate you are going to use, but doesn't sign the file until you save the project. If your certificate is set up to notify you when it is accessed, you will see a dialog box warning you that the certificate is being accessed any time the workbook is savedeven when it is saved automatically. Once the code is signed, users may see the security warning in Figure 6-25 when they open a workbook, template, or add-in containing the signed code. Figure 6-24. Choosing a signatureFigure 6-25. Your digital signature now appears in the macro security warningIf the user selects the option to Always trust macros from this publisher, he won't see the warning again. If your certificate is from SelfCert.exe, you can select this option so you won't see this warning every time you open your own workbooks. 6.9.3. Sign WorkbooksYou can't use certificates from SelfCert.exe to sign workbooks. Since those certificates are valid only on one machine, they don't really make sense for signing workbooks. Instead, digital signatures on workbooks are intended to prove that the content is authenticthat it comes from you and hasn't been altered. To sign a workbook, follow these steps:
Figure 6-27. Choose a signature to useWhen a user receives a signed workbook, he can open the workbook in Excel and view the digital certificate from the Options dialog box to verify that the workbook is authentic. However, if the user then saves the workbook in Excel the digital signature is lost. If the workbook contains macros that were signed, that signature is maintained as long as the user does not change the code in the workbook. In other words, code and content are maintained separately in Excel. You can only sign workbooks that are saved in Excel format (.xls). Excel does not support signing other file types, such as XML spreadsheets (.xml). To distribute these types of files as digitally signed documents, you can attach them to an email message, then use your CA-issued digital certificate to sign the message . 6.9.4. What about...
|
|