timestamping code-signed macros - a how to

Started by Paul Herber, July 21, 2009, 05:50:04 PM


Paul Herber

I was asked a question the other day and it took me a while to find out how I had done this ...
If you have purchased a code signing certificate then you can use it to sign the macros in your documents/stencils/templates as well as sign exe, dll and vsl files. For documents/stencils/templates you do this via the menu Tools -> Digital Signature within the VBA editor.
This all works fine for a year until your certificate expires, whereupon all the code that you have distributed to your customers around the world suddenly shows security errors because the signing is no longer valid. Nothing in the VBA editor tells you about this; in fact it's very difficult to find any reference to this. It's almost as if whoever designed the macro signing process did it on purpose.

All you have to do is add an entry like this to your registry:

[HKEY_CURRENT_USER\Software\Microsoft\VBA\Security]
"TimeStampUrl"="http://timestamp.verisign.com/scripts/timstamp.dll"
"TimeStampRetryCount"=dword:00000003
"TimeStampRetryDelay"=dword:0000001e

with suitable amendments to suit your signing authority.

There, with this information you can hopefully avoid doing any damage to the reputation of your business.

Electronic and Electrical engineering, business and software stencils for Visio -

https://www.paulherber.co.uk/
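An added example, not part of the original post: a Python check that parses a `.reg` export and reports which of the three values from the post's registry entry are absent or malformed, so the setting can be confirmed before signing. The function names `parse_reg` and `audit_vba_timestamp` are hypothetical, and the sample input is the entry from the post.

```python
import re
from urllib.parse import urlparse

VBA_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\VBA\Security"

# Sample input: the registry entry quoted in the post, in .reg export form.
SAMPLE_REG = r'''[HKEY_CURRENT_USER\Software\Microsoft\VBA\Security]
"TimeStampUrl"="http://timestamp.verisign.com/scripts/timstamp.dll"
"TimeStampRetryCount"=dword:00000003
"TimeStampRetryDelay"=dword:0000001e
'''

def parse_reg(text):
    """Parse .reg text into {key_path: {value_name: str | int}}, names lowercased."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'"([^"]+)"=(.*)', line)
        if m is None or current is None:
            continue  # header line, comment, blank line, or value outside a key
        name, data = m.group(1).lower(), m.group(2)
        dword = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", data)
        if dword:
            current[name] = int(dword.group(1), 16)  # dword data is hexadecimal
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            current[name] = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \"
    return keys

def audit_vba_timestamp(text):
    """Return a list of problems; an empty list means all three values are set."""
    values = parse_reg(text).get(VBA_KEY.lower())
    if values is None:
        return ["VBA Security key not found"]
    problems = []
    url = values.get("timestampurl")
    parsed = urlparse(url) if isinstance(url, str) else None
    if parsed is None or parsed.scheme not in ("http", "https") or not parsed.netloc:
        problems.append("TimeStampUrl missing or not an http(s) URL")
    for name in ("TimeStampRetryCount", "TimeStampRetryDelay"):
        if not isinstance(values.get(name.lower()), int):
            problems.append(f"{name} missing or not a dword")
    return problems

if __name__ == "__main__":
    print(audit_vba_timestamp(SAMPLE_REG) or "timestamp settings present")
```
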

Visio Guy

Hi Paul,

The more I read about code signing, the more it is starting to sound like a huge rip-off to developers, who might do better to develop a reputation first, so that customers don't care about the signing.

For your post, do you mean that if developers do the registry stuff FIRST, then their code won't "expire" after they've signed it? It isn't clear to me.
For articles, tips and free content, see the Visio Guy Website at http://www.visguy.com
Get my Visio Book! Using Microsoft Visio 2010

Paul Herber

That is indeed the case!
A few weeks ago I bought a new certificate; what you get now has changed since last year, and I can find no instructions on how to get it all working again.
I feel like dumping the whole thing.


AndyW

I must admit, I just opted for creating my own code signing macro that doesn't expire until 2040. I know it's not authenticated by a trusted body. If people purchase the software from the company I work for, then they must have trust so I'm not sure that it matters. Does seem to be a rip-off area really.
Live life with an open mind

ManicNeil

AndyW,

The certificate does not give any assurance that the signed code you write is: 1) useful; 2) not malicious; 3) tested. It simply assures that code signed with "AndyW" was the same AndyW who obtained the certificate from the recognized body, and not forged by me.