Programatically add a digital signature to a macro

[Wictor Wilén]

Hello,
I would like to know if anyone has suceeded to programatically sign a macro
in an Office 2007 document?
What I would like to know is how to create the vbaProjectSignature.bin file
that exists in signed Open Xml documents.
Anyone with any idea?

 

[Jonathan West]

Hello,
I would like to know if anyone has suceeded to programatically sign a
macro
in an Office 2007 document?
What I would like to know is how to create the vbaProjectSignature.bin
file
that exists in signed Open Xml documents.
Anyone with any idea?

I don't think it is possible. What you can do is start with a signed
document and add text to it, and then save that.

 

[Wictor Wilén]

My guess is that it is pretty simple, but not documented. If you examine one
file with a signed macro and one without you will find that the only
difference is the vbaProjectSignature.bin file (except some relations stuff).
It's some signature of the vbaProject.bin file.
Does anyone from Redmond want to share how this signature is generated from
a certificate?
/WW

 

[Tony Toews [MVP]]

I would like to know if anyone has suceeded to programatically sign a macro
in an Office 2007 document?
What I would like to know is how to create the vbaProjectSignature.bin file
that exists in signed Open Xml documents.
Anyone with any idea?

Not knowing how these work I'm thinking that this might be allowed due
to basic security. If you can programmatically sign a macro what's
stopping a virus from doing so?

Tony
--
Tony Toews, Microsoft Access MVP
Please respond only in the newsgroups so that others can
read the entire thread of messages.
Microsoft Access Links, Hints, Tips & Accounting Systems at
http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/

 

[Wictor Wilén]

Hi Tony,
I think this should in general not be any problems, since you sign it with a
certificate, in real scenarios using a trusted certificate. To sign it you
must have the certificate.

In Office 2007 Trust Center you can choose if you only allow digitally
signed macros to execute and also which publishers you trust.
This is a pretty common scenario.

But maybe I'm wrong?!

/WW

 

[Jonathan West]

Hi Tony,
I think this should in general not be any problems, since you sign it with
a
certificate, in real scenarios using a trusted certificate. To sign it you
must have the certificate.

Yes, but if your computer has the certificate, and you get infected by a
virus, the virus also has access to the certificate if the certificate can
be applied programmatically. You are then a potential source of
virus-infected files that use the certificate you paid for and that
demonstrates the trustworthiness of your programs.

 

[Wictor Wilén]

Hello,
I'm not trying to sign it using VB macros in the Office clients. I would
like to make it a server side solution, which means that it is done on a
server, modifying the Office Open Xml file, hopefully using the .NET
framework.
/WW

 

[Jonathan West]

Hello,
I'm not trying to sign it using VB macros in the Office clients. I would
like to make it a server side solution, which means that it is done on a
server, modifying the Office Open Xml file, hopefully using the .NET
framework.

The same security concerns apply, which is why nobody at Microsoft is likely
to tell you how to do this.

 

[Wictor Wilén]

Ok, I admit that I might have been out on thin ice here and I get the
security issues. I had my hopes that this had some secure solution, thank you
for helping me out.
(WW