Digital Certificates
A concise and clear article about what Digital Signatures are and how to set-them up on MSDN : Code Signing Office XP Visual Basic for Applications Macro Projects.
I started my search a few days ago when I decided to write my own set of utilities. I needed a way to go through the tighter security policies of some of the users (those who set the Macro Security level at High). If you’ve moved around those screens a bit, you would realize that the best way would be to become a “trusted source” and hence the jump into Digital Certificates.
The article provides a clear step-by-step guide to create and test the certificates using the free (?) SelfCert.exe. An official Digital Certificate from Verisign for example would set you back around $400.0 . or did I get this wrong ?
Yeah, when i set a DC up for a work book i had, i used the self cert method. That fact is that it tells the user “this workbook has a certificate, but it’s a sefl cert” - or what ever - I dont really see the point! - what is the point?
Comment by ross — February 2, 2005 @ 3:21 pm
Here’s my understanding from what I read in the articles.
Digital Certificates come in very handy (even when they’re self cert) when the Macro Security is set to High. This setting automatically disables all macros that are unsigned and from untrusted sources.
However, if the macros are signed, then the user gets prompted to make a decision on whether to “accept” your macros or not. If the macros are accepted, then you (the developer) are added to the Trusted Sources and therefore your code will run on that user’s machine without any future prompts.
A couple more points that I learned :
- Digital Certificates are automatically removed when a user edits your code.
- Digital Certificates can have an expiry date.
Is the truth out there ?
Comment by Fadi — February 2, 2005 @ 7:00 pm
I found no deeper point or truth when I was able to make myself a Certification Authority and then issue my own Digital Certificate as a test. (I had to use other tools than SelfCert, using other free and legitimate Micorsoft products.)
You can see it appled to a workbook here: http://www.hydrologica.hu/signed.zip
At least Excel now trusts my own macro’s by default preventing the pop-up of irrelevant security warnings :) (I have Macro Security level at High)
Although it was some years ago, I can provide details for any-one interested.
Gerrit
P.S:
The workbook contains no other codes than an empty
Private Sub Workbook_Open()
End Sub
Comment by Gerrit Kiers — February 14, 2005 @ 1:41 pm
I tweaked the thing and made myself Certification Authority and issued my own DC a couple of years ago using a series of free and downladable Microsoft tools.
See the result here: . This workbook carries my DC, and contains only an empty Workbook_Open Event.
Code signed with a DC can indeed only be edited on a machine on which the DC is installed. The problem with the a SelfCert Certificate is that it is installed on the machine it is created, but you cannot export the Private Key. So you cannot backup, or migrate your Certificate. I solved this with the method I used, please ask me for details if you are interested.
The point or truth? Probably *money*! But of course it comes in handy in preventing the pop-up security warning .
Gerrit
Comment by Gerrit Kiers — February 14, 2005 @ 2:02 pm
[…] tificates
Filed under: General — Admin @ 7:53 am
I’ve posted on Digital Certificates previously. but I think the solution is a bit basi […]
Pingback by Excel Pragma » More on Digital Certificates — March 10, 2005 @ 7:54 am