Tuesday, October 19, 2021

Digitally sign your macro project

This article describes how you can digitally sign a macro project by using a certificate. If you don't already have a digital certificate, you must obtain one. To test macro projects on your own computer, you can create your own self-signing certificate by using the Selfcert.exe tool.

You can obtain a digital certificate from a commercial certificate authority (CA) or from your internal security administrator or information technology (IT) professional.

To learn more about certificate authorities that offer services for Microsoft products, see the list of Microsoft root certificate program members.

Because a digital certificate that you create isn't issued by a formal trusted certificate authority, macro projects that are signed by using such a certificate are known as self-signed projects. Microsoft Office trusts a self-signed certificate only on a computer that has the self-signing certificate added to the Trusted Root Certification folder in the Certificates - Current User store.

To learn how to create a self-signing certificate, see the next section.

  1. Go to C:\Program Files (x86)\Microsoft Office\root\Office16.

  2. Click SelfCert.exe. The Create Digital Certificate box appears.

  3. In the Your certificate's name box, type a descriptive name for the certificate.

  4. Click OK.

  5. When the SelfCert Success message appears, click OK.

  1. Go to C:\Program Files\Microsoft Office\<Office version>\.

  2. Click SelfCert.exe. The Create Digital Certificate box appears.

  3. In the Your certificate's name box, type a descriptive name for the certificate.

  4. Click OK.

  5. When the SelfCert Success message appears, click OK.

  1. Click Start, point to All Programs, click Microsoft Office, click Microsoft Office Tools, and then click Digital Certificate for VBA Projects.
    The Create Digital Certificate box appears.

  2. In the Your certificate's name box, type a descriptive name for the certificate.

  3. Click OK.

  4. When the SelfCert Success message appears, click OK.


To view the certificate in the Personal Certificates store, do the following:

  1. Open Internet Explorer.

  2. On the Tools menu, click Internet Options, and then click the Content tab.

  3. Click Certificates, and then click the Personal tab.
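The same check can be done from PowerShell. This is an added example, not part of the original article: it lists the code-signing certificates in the Current User Personal store, marks the self-signed ones, and reports whether each also appears in the Current User Trusted Root store, which is the condition the article gives for Office to trust a self-signed certificate. It assumes the SelfCert.exe certificate is marked for code signing; if nothing is listed, remove the -CodeSigningCert switch.

```powershell
# Added example (not from the original article).
# Assumption: run on Windows as the user who created the certificate,
# so that the Cert: drive shows that user's stores.

# Thumbprints visible in the Current User "Trusted Root Certification Authorities" store.
$rootThumbprints = Get-ChildItem -Path Cert:\CurrentUser\Root |
    Select-Object -ExpandProperty Thumbprint

# Code-signing certificates in the Current User "Personal" store.
Get-ChildItem -Path Cert:\CurrentUser\My -CodeSigningCert |
    ForEach-Object {
        [pscustomobject]@{
            Subject       = $_.Subject
            Thumbprint    = $_.Thumbprint
            NotAfter      = $_.NotAfter
            # An expired certificate matters most when the signature has no time stamp.
            Expired       = $_.NotAfter -lt (Get-Date)
            # Subject equal to Issuer indicates a self-signed certificate.
            SelfSigned    = $_.Subject -eq $_.Issuer
            # Signing requires the private key to be present on this computer.
            HasPrivateKey = $_.HasPrivateKey
            # Office trusts a self-signed certificate only if it is also a trusted root.
            InTrustedRoot = $rootThumbprints -contains $_.Thumbprint
        }
    } |
    Sort-Object -Property NotAfter |
    Format-Table -AutoSize
```

A row with SelfSigned set to True and InTrustedRoot set to False is a certificate that can sign a project but that Office on this computer will not treat as trusted.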

  1. Open the file that contains the macro project that you want to sign.

  2. On the Developer tab, in the Code group, click Visual Basic.

    Note: If the Developer tab is not available: Click the File tab. Click Options. Click Customize Ribbon. In the Customize the Ribbon list, click Developer, and then click OK.

  3. In Visual Basic, on the Tools menu, click Digital Signature.

  4. The Digital Signature dialog appears.

  5. Select a certificate and click OK.

    Note: If you haven't selected a digital certificate or want to use another, click Choose. Select a certificate and click OK.

    Notes: 

    • It is recommended that you sign macros only after your solution has been tested and is ready for distribution, because when code in a signed macro project is changed in any way, its digital signature is removed. However, if you have the valid digital certificate that was previously used to sign the project on your computer, the macro project is automatically re-signed when you save it.

    • If you want to prevent users of your solution from accidentally changing your macro project and invalidating your signature, lock the macro project before you sign it. Your digital signature implies that you guarantee the project has not been tampered with since you signed it. Your digital signature does not prove that you wrote the project. Therefore, locking your macro project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators can re-sign templates and add-ins so that they can control what users run on their computers.

    • If you create an add-in that adds code to a macro project, your code should determine if the project is digitally signed and should notify the users of the consequences of changing a signed project before they continue.

    • When you digitally sign macros, it is important to obtain a time stamp so that other users can verify your signature even if the certificate used for the signature has expired or has been revoked after signing. If you sign macros without a time stamp, the signature remains valid only during the validity period of your certificate.
