Description of digital signatures in Excel 2002 workbooks

In Microsoft Excel 2002, you can digitally sign a workbook. Doing so ensures that you were the last person to make changes to the workbook.

Earlier versions of Microsoft Excel support digitally signing Microsoft Visual Basic for Applications (VBA) macro projects. For more information, please see the "References" section later in this article.

This article discusses the following topics regarding workbook signing:

• What is a digital certificate?
• What is a signature?
• What happens when I use a digital signature?
• What Excel files can I sign?
• How can I obtain a signature?
• How do I sign a workbook?

What Is a Digital Certificate?

Digital certificates and signatures assure you that the file that you are about to use comes from a reliable source and has not been tampered with.

A digital certificate is an ID that a file carries with it. To validate a signature, a certifying authority validates information about the creator of the file and then issues the digital certificate. The digital certificate contains information about the person to whom the certificate was issued, as well as information about the certifying authority that issued it. When a digital certificate is used to sign a file, this ID is stored with the file in a secure and verifiable form so that it can be displayed to a user.

What Is a Signature?

Excel uses digital signatures on the workbook contents to ensure that the workbook has not been modified and saved since it was signed. Digital signatures can also help you distinguish workbooks and macros created by a reliable source from undesirable and potentially damaging workbooks or macro code (viruses).

A digital signature is a public certificate plus the value of the signed data as encrypted by a private key. The value is a number that a cryptographic algorithm generates for any data that you want to sign. This algorithm makes it nearly impossible to change the data without changing the resulting value. So, by encrypting the value instead of the data, a digital signature allows a user to verify the data was not changed.

NOTE: When you digitally sign a file, it is important to understand that the digital signature generated by Microsoft Office may not constitute a legally binding signature in all U.S. states, Canadian provinces, or in other countries. You should consult with the law of the appropriate jurisdiction before relying on a digital signature as a binding legal signature. You should also understand that this feature cannot in all circumstances check the validity of the digital certificate on which the digital signature is based. Therefore, it is important that you verify that the digital certificate is valid before you use it to sign a document.

What Happens When I Use a Digital Signature?

You can view and edit signed Excel workbooks, although you cannot modify and save a signed workbook without invalidating the signature. For instance, you can sign a file and other users can view the file. As long as the file remains signed, others will know it came from you and has not been modified.

Signing a workbook is different from signing a VBA Project. You can sign the workbook for content and you can also sign the VBA Project in the same workbook.

What Excel Files Can I Sign?

You can sign any native Excel file format, including templates, as well as earlier versions of the file format, such as Excel 5/95. However, Excel 2002 is the only version of Excel that recognizes the signature.

Signing a template and then creating a new workbook based upon that template results in a signed, unsaved workbook. The main purpose for signing a template is to ensure that the original template was not modified.

Excel does not allow you to sign a shared workbook, because more that one person can make changes to the workbook.

NOTE: In Excel, no VBA method or property is available to sign or read signature information for a workbook.

How Can I Obtain a Signature?

To obtain a digital signature, you first need a digital certificate.

You can obtain a digital certificate from a commercial certification authority or from your internal security administrator or Information Technology (IT) professional.

A certification authority can issue you a digital certificate for a fee. The certification authority does an in-depth identification check before it issues a digital certificate.

The following companies are examples of digital certificate authorities:

• VeriSign, Inc.
  http://www.verisign.com
• Thawte, Inc.
  http://www.thawte.com

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

You can create your own certificate for personal use or testing purposes with the SelfCert.exe tool that is provided in Office. This unauthenticated certificate allows you to sign your own workbooks. Because this type of certificate is not validated by a certification authority, other users will see a warning not to trust the workbook if it contains macros.

To Install the SelfCert Tool

To install the tool, follow these steps:

1. Quit all Office programs. Click Start, point to Settings, and then click Control Panel.
2. In Control Panel, double-click the Add/Remove Programs icon.
3. On the Install/Uninstall tab, click Office XP product in the list of products, where Office XP product is the version of Office that you are using.
   
   If you are using a stand-alone version of one of the Office programs, click to select the appropriate product in the list.
   
   Click Add/Remove.
4. In the Setup dialog box, click Add or Remove Features.
5. In the Microsoft Office XP: Update Features dialog box, click the plus sign (+) next to Office Shared Features to expand the features list. If you see a minus sign (-) instead, the features list is already expanded.
6. Click the arrow next to Digital Signature for VBA projects, and then click Run from My Computer in the shortcut menu. Click Update Now.

To Create a Test Certificate

To create a test certificate for use with your workbooks, follow these steps:

1. Click Start, point to Programs, and then click Windows Explorer.
2. In Windows Explorer, navigate to the path\Microsoft Office\Office10 folder, where path is the drive and folder in which you installed Office.
3. Find the SelfCert.exe program and double-click it.
4. After SelfCert starts, type your name in the Your name box, and then click OK.

The program generates a digital certificate for the name that you typed.

How Do I Sign a Workbook?

To digitally sign your workbook, follow these steps:

1. On the Tools menu, click Options.
2. On the Security tab, click Digital Signatures.
3. Click Add.
   
   If the workbook has changed and is not yet saved, or is not saved in the Excel 2002 workbook format, you receive the following message:
   This workbook must be saved as a Microsoft Excel workbook before it can be digitally signed.
   Do you want to save the workbook?
   If you do not save the workbook, you cannot digitally sign it.
4. Click Yes to display the Save As dialog box. You must save the file in the Microsoft Excel Workbook format to add the digital signature.
5. After you save the workbook, the Select Certificate dialog box is displayed. Click to select the certificate that you want to use and click OK.
6. Click OK to close the Digital Signatures dialog box.

The Microsoft Excel title bar displays the word [Signed] in brackets after the workbook name to indicate that the workbook has been successfully signed, for example:

For more information about digitally signing macros and workbooks, click Microsoft Excel Help on the Help menu, type digital signatures in the Office Assistant or the Answer Wizard, and then click Search to view the topics returned.