Digital Signatures


How Digital Signatures Work

FlexPro has security levels that allow users to run macros based on whether or not they have been digitally signed by a macro developer on their list of trusted publishers. FlexPro also checks whether the digital signature is valid. For example, FlexPro checks whether the Macro Project was changed or signed before the digital certificate expired or before it was declared invalid. In addition, it checks whether the digital certificate was distributed by a valid certification authority.

Digital signatures work only on computers that have Microsoft Internet Explorer version 4.0 or later installed. If a user tries to open a project database that contains macros (signed or not) on a computer that does not have Internet Explorer 4.0 or later installed, a standard macro virus dialog box appears giving the user options for enabling or disabling macros before the project database is opened.

Signing Macro Projects

How to proceed   FlexPro uses Microsoft Authenticode technology to enable you to digitally sign macro projects you develop. First, you must obtain a digital certificate and install it. Then, test your solution - whenever code in a signed macro project is modified in any way, its digital signature is removed. When your solution is ready for distribution, sign the macro project. If you have the proper digital certificate on your computer, the macro project will automatically be re-signed when you save it. If you want to prevent users of your solution from accidentally modifying your macro project and invalidating your signature, lock the macro project before you sign it.

What a digital signature does not do   Your digital signature says only that you guarantee that this project is safe. It does not prove that you wrote the macro project. Locking and signing your macro project does not prevent another macro developer from replacing the digital signature with another signature. For example, corporate administrators may re-sign templates and add-ins so that they can control exactly what users can run on their computers.

Add-ins and digital signatures   If you create an add-in that adds code to a macro project, it is recommended that your code checks whether the project is digitally signed. Users should be notified of the consequences of modifying a signed project before they continue. Modifying a project database that contains a macro project does not invalidate the signature. It is not the project database that is signed, but the macro project.

See Also

Protection from Project Databases That May Contain Viruses

Security Levels in FlexPro

Obtaining a Digital Certificate

Share article or send as email:

You might be interested in these articles