Signing Macros Digitally to Verify the Source

Helping Protect Against Macro Viruses

Macro viruses are programs written in the macro languages of applications. These viruses can do serious harm to programs and data. Without proper precautions, macro viruses can be transmitted to a computer and stored in the Normal template or a global template when an infected document is opened in an Office application.

In Office 97, Microsoft Word, Excel, and PowerPoint can help protect against macro viruses by warning that the document being opened contains macros. You can then choose to disable the macros or keep them enabled when you open the document.

Office 2000 extends macro virus protection by allowing the macros in a document to be digitally signed. A digital signature is binary data calculated by applying a signing algorithm to the original data (in this case, the macro code) and a numeric private key. The private key has a corresponding public key, which can be given out freely.

When the matching verification algorithm is applied to the data, the digital signature, and the public key, it determines whether the data was signed by someone holding the private key and whether the data has changed since it was signed. Therefore, the digital signature can be used to prove that the macro code really comes from the user or source it claims to come from, and that it has not been tampered with since it was signed.

Using certificates to sign macros

A certificate is a set of data that identifies an entity and is issued by a certificate authority only after that authority has verified the entity’s identity. The data set includes the public key that the entity presented when it requested the certificate. The entity also holds the matching private key, which is kept with (but not inside) the certificate, so the entity can use the certificate to sign data.

A certificate for which only the public key is available is called a public certificate. A certificate for which the holder also has the private key is called a private certificate or personal certificate. Certificates are installed automatically as needed and stored in the registry by the operating system.

VeriSign is an example of a certificate authority. You can also produce your own certificates by using Windows NT® Certificate Services or by using the Selfcert.exe program. This program is installed with the Office Tools/Digital Signatures feature in Office Setup.


 Note    Certificates created with Selfcert.exe are self-signed: they are not verified by any authority, and any user with access to Selfcert.exe can create one under any name. Therefore, it is recommended that users not trust self-signed certificates unless they know for sure that the certificate is valid. (You can determine who issued a certificate by viewing its properties.)


Not all certificates can be used for all security needs. Types of certificates include the following:

  • Identity     Proves a user’s identity when the user authenticates to a server computer.
  • E-mail     Digitally signs e-mail content to prove that it was produced by a specific user and to reveal any tampering; encrypts the content so that it cannot be read on the network.
  • Code-signing     Digitally signs code to prove that it was produced by a specific publisher and to reveal any tampering with the code after it was signed.

When you sign Office macros, you must use a code-signing certificate. The public part of the certificate is stored with the digital signature in the signed file, so that anyone who opens the file can verify the signature. The personal certificate, whose private key is what actually produces the signature, stays on the signing computer and is never stored in the file.

Managing certificates with Internet Explorer

You can manage the certificates installed on a computer by using Microsoft Internet Explorer.

To manage certificates by using Internet Explorer 4.x

  1. On the View menu, click Internet Options, and then click the Content tab.
  2. In the Certificates area, click Personal to manage the personal certificates installed on your computer.
  3. To manage the list of trusted certificate authorities that is stored on your computer, click Authorities.

To manage certificates by using Internet Explorer 5

  1. On the Tools menu, click Internet Options, and then click the Content tab.
  2. To display the Certificate Manager, click Certificates.

Use the Certificate Manager to manage the personal certificates, public certificates, and list of trusted certificate authorities on your computer.

Using certificate timestamps

Certificates are given expiration dates after which they are no longer valid. The validity period is chosen to be short enough that nobody can be expected, within that time, to derive the private key from the public key and so forge digital signatures; it also limits how long a private key that has leaked can be misused.

If a macro is signed with a certificate after the certificate has expired, the signature is not considered valid. The signer’s own computer clock cannot prove when the signing happened, so certificate authorities (acting as timestamp authorities) provide a certified timestamp that is applied as part of the digital signature when a document is signed. The timestamp proves when the document was signed and can be compared with the expiration date of the certificate to verify that the document was signed before the certificate expired; a signature made while the certificate was valid therefore stays valid after the certificate expires.
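The comparison described in the previous two paragraphs, as an added example that is not part of this page and is not Office’s verification code: a small Python model of a certificate, a macro signature, and an optional timestamp-authority countersignature, with the decision logic written out. It treats the signer’s own clock as untrusted and the timestamp authority’s time as trusted, and, as an assumption of the example, rejects an untimestamped signature once the certificate has expired, because there is then no trustworthy evidence of when signing happened. The dates, the publisher name, and the status strings are constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class Certificate:
    subject: str
    not_before: datetime      # start of the validity period
    not_after: datetime       # expiration date


@dataclass(frozen=True)
class MacroSignature:
    signer: Certificate
    claimed_time: datetime                 # what the signer's own clock said (untrusted)
    timestamp: Optional[datetime] = None   # countersignature from a timestamp authority (trusted)


def signature_status(sig: MacroSignature, now: datetime) -> str:
    """Decide whether the signature is acceptable at time `now`.

    The signer's claimed_time is deliberately ignored: a signer can set the local
    clock to any value, so it proves nothing about when the signature was made."""
    cert = sig.signer
    if sig.timestamp is not None:
        # A trusted timestamp fixes the signing time. A certificate that has
        # expired since then does not invalidate a signature made while it was valid.
        if cert.not_before <= sig.timestamp <= cert.not_after:
            return "valid"
        return "signed outside validity period"
    # No trusted timestamp: the only time that can be evaluated is the present,
    # so the certificate must still be within its validity period right now.
    if cert.not_before <= now <= cert.not_after:
        return "valid"
    return "certificate expired and signature not timestamped"


def utc_date(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed certificate and scenarios for the demo, not real data.
PUBLISHER = Certificate("CN=Example Publisher", utc_date(2003, 1, 1), utc_date(2004, 1, 1))


def demo(now: datetime = utc_date(2005, 6, 1)) -> dict:
    """Evaluate three signatures from the same certificate at time `now`."""
    cases = {
        # Signed and timestamped while the certificate was valid.
        "timestamped while valid": MacroSignature(
            PUBLISHER, claimed_time=utc_date(2003, 6, 1), timestamp=utc_date(2003, 6, 1)),
        # Clock set back to 2003, but the authority's timestamp shows 2004: rejected.
        "timestamped after expiry": MacroSignature(
            PUBLISHER, claimed_time=utc_date(2003, 6, 1), timestamp=utc_date(2004, 3, 1)),
        # No timestamp at all; the 2003 claim cannot be trusted once the certificate has expired.
        "no timestamp, clock claims 2003": MacroSignature(
            PUBLISHER, claimed_time=utc_date(2003, 6, 1)),
    }
    return {name: signature_status(sig, now) for name, sig in cases.items()}


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The second case is the reason a timestamp authority rather than the signer supplies the time: backdating the local clock changes claimed_time but not the countersignature, so the signature is still rejected.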

You can specify the URL of a timestamp authority for Office to use in the following registry key:

HKEY_CURRENT_USER\Software\Microsoft\VBA\Security

Within this subkey, you specify values for the following entries:

  • TimeStampURL     String value that provides the URL.
  • TimeStampRetryCount     DWORD value that specifies how many times to attempt to connect to the timestamp URL.
  • TimeStampRetryDelay     DWORD value that specifies how many seconds to wait between retries of the timestamp URL.

Signing macros by using the Visual Basic Editor

You sign Office 2000 macros in the Visual Basic Editor before saving the macro.

To sign a macro in the Visual Basic Editor

  1. With the macro open in the Visual Basic Editor, click Digital Signature on the Tools menu.
  2. Click Choose.
  3. In the Select Certificate dialog box, select the certificate you want to use.

All personal certificates installed on your computer are listed.

 
 
Applies to:
Deployment Center 2003