Section 6.9.Add Digital Signatures


6.9. Add Digital Signatures

A digital signature identifies the author of the content or the macros contained in a workbook, template, or add-in. You add a digital signature as the last step before you distribute a file. When others open the a signed file they can see who the author is and therefore decide whether the information in the file is authentic and whether any macros it contains are safe to run.

The signature is overwritten any time a file is saved. Therefore, no one can open a signed file, make changes, save, then send the file on still bearing your signature. Workbooks and macros are signed separately even though they are contained in a single file. If you want to distribute a signed workbook containing macros, you must sign the macros first, then sign the workbook.

6.9.1. Get a Digital Certificate

Before you can sign a document, you must first get a digital certificate, which is also sometimes called a digital ID or simply a certificate . There are two ways get a digital certificate: create one yourself or purchase one from a Certificate Authority (CA). Self-created signatures are only valid on the machine where they were created, so they are for macros that won't be distributed. CA-created signatures are available from vendors such as Verisign, Inc. and CAcert.org.

To create a digital certificate yourself:

  1. From the Windows Programs menu, choose Microsoft Office Microsoft Office Tools Digital Certificate for VBA Projects. Windows runs Figure 6-22. Creating a digital certificate


  2. Type the name you want displayed within the signature and click OK. SelfCert.exe creates a local certificate and displays a success message.

As mentioned previously, this certificate is only valid on the machine where you created it. Therefore, its use is really limited to signing macros on your own machine to avoid the security prompt you get each time you open a workbook containing macros you've written.

To get a much more useful certificate from a CA, click the link on the Create Digital Certificate dialog box to see a list of commercial CAs, select one of them, and purchase a certificate from there. Some vendors, such as Verisign Inc., offer free trial periods so you can see how certificates work before you buy.

6.9.2. Sign Code

To sign a VBA project, follow these steps:

  1. Open the VBA Project.

  2. Choose Tools Digital Signature. Visual Basic displays the Digital Signature dialog box (Figure 6-23).

    Figure 6-23. Signing a VBA Project


  3. Click Choose, Visual Basic displays a dialog box containing all the digital certificates installed on your system (Figure 6-24).

  4. Select the certificate to use, and click OK. Then click OK again to close the Digital Signature dialog box.

Visual Basic keeps track of the certificate you are going to use, but doesn't sign the file until you save the project. If your certificate is set up to notify you when it is accessed, you will see a dialog box warning you that the certificate is being accessed any time the workbook is savedeven when it is saved automatically.

Once the code is signed, users may see the security warning in Figure 6-25 when they open a workbook, template, or add-in containing the signed code.

Figure 6-24. Choosing a signature


Figure 6-25. Your digital signature now appears in the macro security warning


If the user selects the option to Always trust macros from this publisher, he won't see the warning again. If your certificate is from SelfCert.exe, you can select this option so you won't see this warning every time you open your own workbooks.

6.9.3. Sign Workbooks

You can't use certificates from SelfCert.exe to sign workbooks. Since those certificates are valid only on one machine, they don't really make sense for signing workbooks. Instead, digital signatures on workbooks are intended to prove that the content is authenticthat it comes from you and hasn't been altered.

To sign a workbook, follow these steps:

  1. Open the workbook in Excel and finish all your edits, formatting, etc. The workbook should be in its final form before signing.

  2. Choose Tools Options then click the Security tab. Excel displays the Options dialog (Figure 6-26).

    Figure 6-26. Signing a workbook


  3. Click Digital Signatures. Excel displays the Digital Signature dialog.

  4. Click Add. Excel warns you that it will save the file and then displays the Select Certificate dialog box as shown in Figure 6-27.

  5. Select a certificate and click OK, then click OK on each of the remaining dialog boxes.

  6. Close, but do not save, the workbook. It was already saved when you added the certificate, and saving it again will remove the digital signature.

Figure 6-27. Choose a signature to use


When a user receives a signed workbook, he can open the workbook in Excel and view the digital certificate from the Options dialog box to verify that the workbook is authentic. However, if the user then saves the workbook in Excel the digital signature is lost.

If the workbook contains macros that were signed, that signature is maintained as long as the user does not change the code in the workbook. In other words, code and content are maintained separately in Excel.

You can only sign workbooks that are saved in Excel format (.xls). Excel does not support signing other file types, such as XML spreadsheets (.xml). To distribute these types of files as digitally signed documents, you can attach them to an email message, then use your CA-issued digital certificate to sign the message .

6.9.4. What about...

To learn aboutLook here
Digital certificates, code, document, and XML signing www.verisign.com
Non-profit digital signatures www.cacert.org
www.onlamp.com/pub/wlg/5142




    Excel 2003 Programming. A Developer's Notebook
    Excel 2003 Programming: A Developers Notebook (Developers Notebook)
    ISBN: 0596007671
    EAN: 2147483647
    Year: 2004
    Pages: 133
    Authors: Jeff Webb

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net