Digital Signatures

A Digital Signature (also known as a digital ID or certificate) is an electronic, encryption-based stamp which can be used to identify the author of the macros contained in a workbook, template or add-in.
There are several different types of certificate that can be digitally signed but from a Microsoft Office perspective we are only interested in Code Signing certificates which are not to be confused with SSL certificates.
SSL (Secure Sockets Layer) Certificates are used to protect encrypted data that is transferred over the internet.
Code Signing Certificates allow software manufacturers (or developers) to digitally sign software that can then be distributed.

Code Signing Certificates

This signature confirms that the file has originated from the signer and has not been altered or modified afterwards.
There are actually two different types of digital signatures:
Certificate Authority -
Self Created - These you can create yourself although there are some limitations.
Adding a digital signature to your macros is the final step before distributing them to other people.
When a digital signature is attached to a file it prevents any unauthorised changes to the file because the digital signature is overwritten when the file is saved.
Excel 2002 and 2003 allow you to enhance your VBA security by using digital signatures and to only accept macros that are from trusted sources.

Do I need a Digital Signature ?

If you are an in-house developer or are responsible for maintaining and distributing macros to several people then it may be worth getting a digital signature.
This will allow you to quickly identify if any of the workbooks, templates or add-ins have been tampered with.
It is only worth getting a digital signature if all your users have their Macro Security to High.
When the macro security is set to High any unsigned macros will be automatically disabled.
For more information about the different levels of macro security, please refer to the Macro Settings page.

Certificate Authority signatures

These are for commercial organisations that distribute macros.
The following Certificate Authorities are the most popular:
VeriSign - verisign.com
GoDaddy -
Cocert - cocert.org

Self-created signatures

These are only valid on machines where the signature was created.
It is possible to create your own, all you need is the small application called "Self Certificate" (selfcert.exe).
These are not "official" digital signatures and are commonly referred to as "self-signed projects".
These types of certificates will still generate a warning if your macro security is set to "High" or "Medium".
Locate the file "selfcert.exe" which should have been installed with Office and can normally be found at the root of the Office folder.
Double click this file and enter you Name. This will create a new certificate for you.

Where can I get Digital Signatures from ?

These can be obtained from various places, including commercial companies, professional developers or you could just create your own.
If you are using Excel within a large organisation they may even have there own certificate authority.
Official digital certificates are issues by commercial certification authorities and can be obtained by submitting an application form.
If you are an individual that publishes software then you should apply for a Class 2 digital certificate.
You will then be sent your digital certificate with instructions on how to use it to sign your Microsoft Office solutions.
More information about digital signatures and security can be found on the Microsoft website.

Apply a Signature to your Macro

You can only apply a signature to a file that has just been saved. You will be prompted if your file needs saving.
If the file is saved after you have supplied the signature, the signature will automatically be removed.
In Excel, press (File > Options) and select the "Security" tab.

Select the "Digital Signature" button.
To add a signature press "Add" and choose from the list of available signatures.

Removing a Signature from a file

Macros might have been disabled automatically If the security level is set to High and you open a workbook or load an add-in program that contains unsigned macros, the macros are disabled and you cannot run them. You can enable macros that are not digitally signed if you change the security level to Medium, close the workbook or unload the add-in program, and then reopen the workbook or reload the add-in program.
If you want Excel to automatically disable unsigned macros in the future, remember to change the security level back to High. To change the security level, point to Macro on the Tools menu, click Security, click the Security Level tab, and then click the level you want.

Important

I don't get a macro warning for a workbook that I know has macros. The security level might be set to Low To have Excel warn you that a workbook or add-in contains macros, change the security level to Medium: point to Macro on the Tools menu, click Security, click the Security Level tab, and then click Medium.