Sign a Word VBA project/file via command line or other form of automation_问答_开发者

Sign a Word VBA project/file via command line or other form of automation

开发者 https://www.devze.com 2022-12-22 09:20 出处：网络

Is there a way to automate code signing a VBA project in a Word 2003 and/or Word 2007 document? By automate I mean via a command line utility or via Word VBA automation?

Is there a way to automate code signing a VBA project in a Word 2003 and/or Word 2007 document?

By automate I mean via a command line utility or via Word VBA automation?

Motivation: I would like to code sign several Word templates as part of an automated daily build a开发者_如何学运维nd distribution cycle. Right now we have to do this manually by opening each document in Word and resigning.

Thank you, Malcolm

I've never seen a way to do this. I had an automated build of a template years ago and at the end I popped up a message box saying "you have to go sign the template now" and then opened VBA for them. Just saying I feel your pain I guess.

This may be worth a look: http://winbatch.com/

For anyone coming across this question a decade later, it seems to be possible to automate signing of VBA projects using SignTool in the Windows 10 SDK as described in this Microsoft Support page. I'll quote the specific instructions here too:

Download and install the Windows 10 SDK.

Download Officesips.exe from Microsoft Office Subject Interface Packages for Digitally Signing VBA Projects.

To sign files and verify the signatures in files, register Msosip.dll and Msosipx.dll, and then run Offsign.bat. The detailed steps are included in the Readme.txt file in the installation folder of Officesips.exe.

Note: Use the x86 version of SignTool in the "C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86" folder when you run Offsign.bat.

Haven't done this myself yet but likely will in the near future. I'll update this answer if I learn anything.

I do not believe there is an automated way to do this because it would defeat the security of ~~code-signing~~ VBA Project signing.

The two message digests are compared, and if any part of the file has been modified or corrupted, the digests will not match and the contents of the file can't be trusted. The verification process will fail regardless of how the file was modified - whether through corruption, a macro virus, or programmatic changes made by an add-in or Office solution. The verification process will also fail if the file wasn't signed with a valid certificate; that is, if the certificate had expired, or had been forged, altered, or corrupted. If another user modifies the VBA project, the Office 2000 application removes the current signature and prompts the user to re-sign the VBA project; if the user doesn't sign the VBA project or signs it with another certificate, the file may fail the verification process.

Inserted from http://msdn.microsoft.com/en-us/library/aa190113(office.10).aspx

Code signing has the additional level of security in the fact that a developer must compile source code. A macro is not compiled and can be distributed as text. Therefore, automating macro signing would open a large security hole. Manually siging a macro is similar to Outlook prompting the user to allow programmatic access to the address book.