Digitally sign a macro project

This article explains how you can digitally sign (digital signature: An electronic, encryption-based, secure stamp of authentication on a macro or document. This signature confirms that the macro or document originated from the signer and has not been altered.) a file or a macro project (macro project: A collection of components, including forms, code, and class modules, that make up a macro. Macro projects created in Microsoft Visual Basic for Applications can be included in add-ins and in most Microsoft Office programs.) by using a certificate (certificate: A digital means of proving identity and authenticity. Certificates are issued by a certification authority, and like a driver's license, can expire or be revoked.). If you don't already have a digital certificate, you must obtain one. To test macro projects on your own computer, you can create your own self-signing certificate by using the Selfcert.exe tool.

Cool things you can do with Office 2010

The Office Blog

In this article


Obtain a digital certificate for signing

You can obtain a digital certificate from a commercial certificate authority (CA) (certificate authority (CA): A commercial organization that issues digital certificates, keeps track of who is assigned to a certificate, signs certificates to verify their validity, and tracks which certificates are revoked or expired.) or from your security administrator.

To learn more about certificate authorities that offer services for Microsoft products, see the list of Microsoft root certificate program members.

For more information about Microsoft Office Access and macros, see Macros and programmability.

Top of Page Top of Page

Create your own digital certificate for self-signing

Because a digital certificate that you create isn't issued by a formal certificate authority, macro projects that are signed by using such a certificate are referred to as self-signed projects. Microsoft Office trusts a self-signed certificate only on a computer that has that certificate in your Personal Certificates store.

Create a self-signing certificate

Which operating system are you using?


Windows Vista

  1. Click the Start button, point to All Programs, click Microsoft Office, click Microsoft Office Tools, and then click Digital Certificate for VBA Projects. In the Your certificate's name box, type a descriptive name for the certificate.
  2. When the certificate confirmation message appears, click OK.

To view the certificate in the Personal Certificates store, do the following:

  1. Open Windows Internet Explorer.
  2. On the Tools menu, click Internet Options, and then click the Content tab.
  3. Click Certificates, and then click the Personal tab.

Top of Page Top of Page

Windows XP

  1. Click the Start button, point to All Programs, point to Microsoft Office, point to Microsoft Office Tools, and then click Digital Certificate for VBA Projects. In the Your certificate's name box, type a descriptive name for the certificate.
  2. When the certificate confirmation message appears, click OK.

To view the certificate in the Personal Certificates store, do the following:

  1. Open Windows Internet Explorer.
  2. On the Tools menu, click Internet Options, and then click the Content tab.
  3. Click Certificates, and then click the Personal tab.

Top of Page Top of Page

Digitally sign a macro project

Which program are you using?


Excel

  1. Open the file that contains the macro project that you want to sign.
    • On the Developer tab, in the Code group, click Visual Basic.

If the Developer tab is not available, click the Microsoft Office ButtonButton image, and then click Excel Options. Then click Popular, and then select the Show Developer tab in the Ribbon check box.

 Note   The Ribbon is part of the Microsoft Office Fluent user interface.

  1. In the Visual Basic Project Explorer, select the project that you want to sign.
  2. On the Tools menu, click Digital Signature.
  3. Do one of the following:
    • If you haven't previously selected a digital certificate or want to use another one, click Choose, select the certificate, and then click OK twice.
    • To use the current certificate, click OK.

 Notes 

  • Sign macros only after your solution has been tested and is ready for distribution, because whenever code in a signed macro project is changed in any way, its digital signature is removed. However, if you have the valid digital certificate that was previously used to sign the project on your computer, the macro project is automatically re-signed when you save it.
  • If you want to prevent users of your solution from accidentally changing your macro project and invalidating your signature, lock the macro project before you sign it. Your digital signature says only that you guarantee that the project has not been tampered with since you signed it. Your digital signature does not prove that you wrote the project. Therefore, locking your macro project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators can re-sign templates (template: A file or files that contain the structure and tools for shaping such elements as the style and page layout of finished files. For example, Word templates can shape a single document, and FrontPage templates can shape an entire Web site.) and add-ins (add-in: A supplemental program that adds custom commands or custom features to Microsoft Office.) so that they can control exactly what users can run on their computers.
  • If you create an add-in that adds code to a macro project, your code should determine if the project is digitally signed and should notify the users of the consequences of changing a signed project before they continue.
  • When you digitally sign macros, it is important to obtain a timestamp so that other users can verify your signature even after the certificate used for the signature has expired. If you sign macros without a timestamp, the signature remains valid only for the validity period of your certificate.

Top of Page Top of Page

Outlook

  1. Open the file that contains the macro project that you want to sign.
    • On the Tools menu, point to Macro, and then click Visual Basic Editor.
  2. In the Visual Basic Project Explorer, select the project that you want to sign.
  3. On the Tools menu, click Digital Signature.
  4. Do one of the following:
    • If you haven't previously selected a digital certificate or want to use another one, click Choose, select the certificate, and then click OK twice.
    • To use the current certificate, click OK.

 Notes 

  • Sign macros only after your solution has been tested and is ready for distribution, because whenever code in a signed macro project is changed in any way, its digital signature is removed. However, if you have the valid digital certificate that was previously used to sign the project on your computer, the macro project is automatically re-signed when you save it.
  • If you want to prevent users of your solution from accidentally changing your macro project and invalidating your signature, lock the macro project before you sign it. Your digital signature says only that you guarantee that the project has not been tampered with since you signed it. Your digital signature does not prove that you wrote the project. Therefore, locking your macro project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators can re-sign templates (template: A file or files that contain the structure and tools for shaping such elements as the style and page layout of finished files. For example, Word templates can shape a single document, and FrontPage templates can shape an entire Web site.) and add-ins (add-in: A supplemental program that adds custom commands or custom features to Microsoft Office.) so that they can control exactly what users can run on their computers.
  • If you create an add-in that adds code to a macro project, your code should determine if the project is digitally signed and should notify the users of the consequences of changing a signed project before they continue.
  • When you digitally sign macros, it is important to obtain a timestamp so that other users can verify your signature even after the certificate used for the signature has expired. If you sign macros without a timestamp, the signature remains valid only for the validity period of your certificate.

Top of Page Top of Page

PowerPoint

  1. Open the file that contains the macro project that you want to sign.
    • On the Developer tab, in the Code group, click Visual Basic.

If the Developer tab is not available, click the Microsoft Office ButtonButton image, and then click PowerPoint Options. Then click Popular, and then select the Show Developer tab in the Ribbon check box.

 Note   The Ribbon is part of the Microsoft Office Fluent user interface.

  1. In the Visual Basic Project Explorer, select the project that you want to sign.
  2. On the Tools menu, click Digital Signature.
  3. Do one of the following:
    • If you haven't previously selected a digital certificate or want to use another one, click Choose, select the certificate, and then click OK twice.
    • To use the current certificate, click OK.

 Notes 

  • Sign macros only after your solution has been tested and is ready for distribution, because whenever code in a signed macro project is changed in any way, its digital signature is removed. However, if you have the valid digital certificate that was previously used to sign the project on your computer, the macro project is automatically re-signed when you save it.
  • If you want to prevent users of your solution from accidentally changing your macro project and invalidating your signature, lock the macro project before you sign it. Your digital signature says only that you guarantee that the project has not been tampered with since you signed it. Your digital signature does not prove that you wrote the project. Therefore, locking your macro project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators can re-sign templates (template: A file or files that contain the structure and tools for shaping such elements as the style and page layout of finished files. For example, Word templates can shape a single document, and FrontPage templates can shape an entire Web site.) and add-ins (add-in: A supplemental program that adds custom commands or custom features to Microsoft Office.) so that they can control exactly what users can run on their computers.
  • If you create an add-in that adds code to a macro project, your code should determine if the project is digitally signed and should notify the users of the consequences of changing a signed project before they continue.
  • When you digitally sign macros, it is important to obtain a timestamp so that other users can verify your signature even after the certificate used for the signature has expired. If you sign macros without a timestamp, the signature remains valid only for the validity period of your certificate.

Top of Page Top of Page

Publisher

  1. Open the file that contains the macro project that you want to sign.
    • On the Tools menu, point to Macro, and then click Visual Basic Editor.
  2. In the Visual Basic Project Explorer, select the project that you want to sign.
  3. On the Tools menu, click Digital Signature.
  4. Do one of the following:
    • If you haven't previously selected a digital certificate or want to use another one, click Choose, select the certificate, and then click OK twice.
    • To use the current certificate, click OK.

 Notes 

  • Sign macros only after your solution has been tested and is ready for distribution, because whenever code in a signed macro project is changed in any way, its digital signature is removed. However, if you have the valid digital certificate that was previously used to sign the project on your computer, the macro project is automatically re-signed when you save it.
  • If you want to prevent users of your solution from accidentally changing your macro project and invalidating your signature, lock the macro project before you sign it. Your digital signature says only that you guarantee that the project has not been tampered with since you signed it. Your digital signature does not prove that you wrote the project. Therefore, locking your macro project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators can re-sign templates (template: A file or files that contain the structure and tools for shaping such elements as the style and page layout of finished files. For example, Word templates can shape a single document, and FrontPage templates can shape an entire Web site.) and add-ins (add-in: A supplemental program that adds custom commands or custom features to Microsoft Office.) so that they can control exactly what users can run on their computers.
  • If you create an add-in that adds code to a macro project, your code should determine if the project is digitally signed and should notify the users of the consequences of changing a signed project before they continue.
  • When you digitally sign macros, it is important to obtain a timestamp so that other users can verify your signature even after the certificate used for the signature has expired. If you sign macros without a timestamp, the signature remains valid only for the validity period of your certificate.

Top of Page Top of Page

Visio

  1. Open the file that contains the macro project that you want to sign.
    • On the Tools menu, point to Macro, and then click Visual Basic Editor.
  2. In the Visual Basic Project Explorer, select the project that you want to sign.
  3. On the Tools menu, click Digital Signature.
  4. Do one of the following:
    • If you haven't previously selected a digital certificate or want to use another one, click Choose, select the certificate, and then click OK twice.
    • To use the current certificate, click OK.

 Notes 

  • Sign macros only after your solution has been tested and is ready for distribution, because whenever code in a signed macro project is changed in any way, its digital signature is removed. However, if you have the valid digital certificate that was previously used to sign the project on your computer, the macro project is automatically re-signed when you save it.
  • If you want to prevent users of your solution from accidentally changing your macro project and invalidating your signature, lock the macro project before you sign it. Your digital signature says only that you guarantee that the project has not been tampered with since you signed it. Your digital signature does not prove that you wrote the project. Therefore, locking your macro project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators can re-sign templates (template: A file or files that contain the structure and tools for shaping such elements as the style and page layout of finished files. For example, Word templates can shape a single document, and FrontPage templates can shape an entire Web site.) and add-ins (add-in: A supplemental program that adds custom commands or custom features to Microsoft Office.) so that they can control exactly what users can run on their computers.
  • If you create an add-in that adds code to a macro project, your code should determine if the project is digitally signed and should notify the users of the consequences of changing a signed project before they continue.
  • When you digitally sign macros, it is important to obtain a timestamp so that other users can verify your signature even after the certificate used for the signature has expired. If you sign macros without a timestamp, the signature remains valid only for the validity period of your certificate.

Top of Page Top of Page

Word

  1. Open the file that contains the macro project that you want to sign.
    • On the Developer tab, in the Code group, click Visual Basic.

If the Developer tab is not available, click the Microsoft Office ButtonButton image, and then click Word Options. Then click Popular, and then select the Show Developer tab in the Ribbon check box.

 Note   The Ribbon is part of the Microsoft Office Fluent user interface.

  1. In the Visual Basic Project Explorer, select the project that you want to sign.
  2. On the Tools menu, click Digital Signature.
  3. Do one of the following:
    • If you haven't previously selected a digital certificate or want to use another one, click Choose, select the certificate, and then click OK twice.
    • To use the current certificate, click OK.

 Notes 

  • Sign macros only after your solution has been tested and is ready for distribution, because whenever code in a signed macro project is changed in any way, its digital signature is removed. However, if you have the valid digital certificate that was previously used to sign the project on your computer, the macro project is automatically re-signed when you save it.
  • If you want to prevent users of your solution from accidentally changing your macro project and invalidating your signature, lock the macro project before you sign it. Your digital signature says only that you guarantee that the project has not been tampered with since you signed it. Your digital signature does not prove that you wrote the project. Therefore, locking your macro project doesn't prevent another user from replacing the digital signature with another signature. Corporate administrators can re-sign templates (template: A file or files that contain the structure and tools for shaping such elements as the style and page layout of finished files. For example, Word templates can shape a single document, and FrontPage templates can shape an entire Web site.) and add-ins (add-in: A supplemental program that adds custom commands or custom features to Microsoft Office.) so that they can control exactly what users can run on their computers.
  • If you create an add-in that adds code to a macro project, your code should determine if the project is digitally signed and should notify the users of the consequences of changing a signed project before they continue.
  • When you digitally sign macros, it is important to obtain a timestamp so that other users can verify your signature even after the certificate used for the signature has expired. If you sign macros without a timestamp, the signature remains valid only for the validity period of your certificate.

Top of Page Top of Page

 
 
Applies to:
Excel 2007, Outlook 2007, PowerPoint 2007, Project 2007, Publisher 2007, Visio 2007, Word 2007