How to tell if a digital signature is trustworthy

Digital signatures and certificates play a central role in software security. This article describes how to view the information that indicates when digital signatures and associated certificates are invalid.

To learn about digital signatures, see Digital signatures and certificates

In this article

Digital-signature and certificate trustworthiness in Word, Excel, or PowerPoint

How to tell if a digital signature is trustworthy

Invalid digital signatures

Recoverable-error digital signatures

Partial digital signatures

Digital-signature and certificate trustworthiness in Word, Excel, or PowerPoint

Use the following instructions to view certificate data associated with a digital signature to verify trustworthiness.

1. Open the Word document, Excel spreadsheet, or PowerPoint presentation that has a digital signature.

2. Double click the signature line.

   Note: If the signature line is not available, click the red Signatures button. The Signatures pane appears. On the signature name, click the down-arrow. Select Signature Details.

   The following image is an example of the Signatures button.

   

3. The Signature Details dialog appears.

4. For more certificate information, click View.

5. The Certificate dialog appears.

6. On the General tab, you can identify certificate information:

   • Issued to    To whom this certificate was issued

   • Issued by    What organization issued the certificate

   • Valid from / to    Duration of certificate validity

7. On the Details tab, you can see details such as:

   • Version

   • Serial number

   • Issuer

   • Subject

   • Public key

8. On the Certification Path tab, you can identify the certificate root and certificate status.

The following image is an example of the Certificate dialog.

Top of Page

How to tell if a digital signature is trustworthy

A trustworthy signature is valid, on the user account, on the computer that states it as valid. If the signature were opened on another computer, or another account, the signature may appear as invalid because that account may not trust the certificate issuer. Also, for a signature to be valid, the cryptographic integrity of the signature must be intact. This means that the signed content was not tampered with, and the signing certificate is not expired or revoked.

Top of Page

Invalid digital signatures

In Word 2010, PowerPoint 2010, and Excel 2010 invalid digital signatures are indicated by red text in the Signatures pane and a red X on the Signature Details dialog. The reasons that a digital signature can become invalid are as follows:

• The digital signature is corrupt because its content has been tampered with.

• The certificate was not issued by a trusted certificate authority (CA), For example it might be a self-signed certificate. If this is the case, you must choose to trust an untrusted issuer to make the signature valid again.

• The certificate used to create the signature has been revoked, and no time stamp is available.

The following image is an example of the Signatures pane with an invalid signature.

View the Digital Signatures dialog

1. Open the file that contains the digital signature that you want to view.

2. Click the File tab. The Microsoft Office Backstage view appears.

3. Click the Info tab, then click View Signatures. The Signatures pane appears.

4. In the list, on a signature name, click the down-arrow. Select Signature Details.

5. The Signature Details dialog appears.

The following image is an example of the Signature Details dialog.

When digital signatures are invalid

When digital signatures, and associated certificates, are invalid:

• Contact the signer, and let them know that there is a problem with the signature.

• Inform the system administrator in charge of your organization's security infrastructure.

• We advise that you do not lower your security level settings.

• You can Add, remove, or view a trusted publisher.

Top of Page

Recoverable-error digital signatures

In Office 2010, there is a new classification category for digital signatures. Other than valid and invalid, in Office 2010 a signature can be a recoverable-error signature, which means that there is something wrong with the signature. But the error may be fixed to make the signature valid again. There are three scenarios for recoverable errors:

• The veifier is offline (disconnected from the Internet) therefore making it impossible to check certificate-revocation data, or to verify time stamps if they are present.

• The certificate used to create the signature has expired and no time stamp is available.

• The root certificate authority who issued the certificate is not trusted.

The following image is an example of the Signatures pane with a recoverable error.

Important: If you experience a recoverable error, contact your system administrator, who may be able to change the signature's state to valid.

Top of Page

Partial digital signatures

In Office 2010, a valid digital signature signs certain parts of a file. However, you can create a signature that signs less than the parts required. This partial signature is cryptographically valid.

Office can read these signatures. However, they are likely not created by an Office program. If you encounter a partial signature and are unsure about how to continue, contact the IT administrator to help determine the origin of the signature.

Top of Page