The destructive potential of macros has forced IT professionals to extend their security focus to commonly distributed documents. To protect against this threat without curtailing distribution and use of macros, many organizations implement digital signatures, which allow verification that macros and other electronic content come from a trusted source.

Digital signatures on macros tell users who placed the signature in the document. The signature can be verified with a certificate root authority or using an internal mechanism within your organization. You can implement digital signatures with your macros by:

• Using SelfCert.exe, the native Microsoft signing tool.
• Using a PKI implementation.
• Purchasing a package to give you a digital signature that is verified by a root certificate authority.

In this article, we will focus on Microsoft Excel, but other macro-enabled Office applications behave in a similar manner.

SelfCert.exe tool
Microsoft Office distributions include the SelfCert.exe tool as part of the default installation. This tool is distributed as a personal-use mechanism for creating digital signatures. It does not actually verify the identity of the author of the signature; instead, it writes a signature that it explicitly notes as not authentic. It is important to discuss this tool first, as fraudulent digital signatures may use it. [Continued…] [Rick Vanover, TechRepublic]