Evening all,

I posted on this a little while ago as an exploratory toe-in-the -water, now I'm doing more research and trying to find out about this.
Basically, my app involves running VBA macros in Office by so clearly I need to be able to allow the user to keep the security settings on High. I have done some investigating and found this link to Verisign (https://securitycenter.verisign.com/celp/enroll/selectOptions?bundle_id=MSOfficeCS&originator=VeriSign%3ACELP&application_locale=VRSN_US&checkPrice=true&promoCode=) which seems to be offering a signature for $400. The question is, is that really what I want? Because I'm doing this off my own back (cf RobDog's current troubles) and I'm loathe to part with that kind of money unless I'm sure that it will do what I want. Is this Dig Sig a general "this guy is OK" certification, so that I can use it to sign many macros in all forms of Office, or can I only use it once? If I change my macro, can I resign it or does it have to go back to Verisign? How long does it last? Will it work if I sign a template and bung it in the Startup folder, or does it only work on a per document basis. I'm going to want to sign templates.

And then, is this avoidable using VS Tools for Office? That's even more pricey, and again I don't necessarily mind paying but I'd like it to do what I want. I'll probably get round to getting VS Tools at some point, cos I plan to do some more app development for Office but it's whether or not to get it now. Also, I'd have to rewrite all my VBA...

Any suggestions / sharing of previous experiences with this much appreciated

Cheers

zaza

I havent had any experience with a Public DS but the private ones, like shown in my CodeBank thread, can be used to sign all of your code/projects. Its basically a "This program is written by a good guy and is not malicious." If you make changes to your code, depending on the change, you will have to resign the project but thats not an issue.

Which version of Office are you targeting? or all versions? If all then the VSTO is not your answer since it targets Office 2003 only at this time. If you write a app in .NET then you can do more because .NET has more integration with the Office Security features. I have not get into that area yet as I have been slacking lately posting help all the time. :(

When I quit my job I will be digging very deep back into Office and Outlook in preparation for Office 12 due out very late 2006 unless the deadline gets pushed back. :(

Hi Rob,

I knew you wouldn't be able to resist a thread with "VS Tools" in the title :) .
The app is for general consumption (for a handsome fee of course), so I think selfcert is out. I'm just a bit wary of blowing $400 on something which turns out to only work once, or doesn't actually allow users to use it safely or something like that.
I'm using Office XP, so it's certainly for that version and on - I don't know what the back compatibility is like for templates...maybe Office 2000? Probably no earlier. I would be surprised if using VS Tools meant that you didn't need a Dig Sig for a macro, given that it's a moneyspinner, but maybe not.

Cheers

zaza

I forgot to suggest that you send an email to Verisign requesting a few answers to these questions. I'm sure they would be able to clarify things up.

You will need to do version checking so in case someone accidentally tries to open a template at home with an older or newer version they wont get any nasty error messages. ;)

Did you find my CodeBank thread on Private DS' ?


Ps, of course I couldnt resist. :D

If you mean this one (http://www.vbforums.com/showthread.php?t=285212), then yes. But I understood that selfcert is only for use by yourself - it doesn't allow you to flog macros to all and sundry and have their copy of Office say it's OK. The user then has to add you to their "Trusted Publisher" list, which is a bit of a rubbish thing to have to do if you've just bought somebody's software. After all, every virus writer under the sun would be selfcert-ing if that was all it took, no?

I think I may follow your advice and contact Verisign about it. I hope they don't add me to some CIA-like database and send me junk mail about how I can BUY BUY BUY 45 SSL encryption keys and a 10 day trial of some online shopping software for only $2500. :rolleyes:


Good call with the version checking. Incidentally, any idea how I would know that a template written in XP will work in other versions of Office, short of handing $5000 to Microsoft and buying the lot.

zaza

Yes thats the one. The reason you dont want to distribut private DS' is because someone else could modify your app and any trouble it causes would be linked back to you. This is what Verisign guarentees to avoid with a secure Public Cert.

If you dont want them to spam you then use a temporary email account or one that you may have for this type of signups etc.

Oops, missed part of your question.

If you search MSDN for any functions, methods, and properties you use in your Add-In you can track in back to see where it is first introduced or if it is supported in a certian version. Then support that version forward. So if you wanted to support Office 2000+ then you would search under 2000 for all your props, methods, and functions, checking if they are supported and if the parameters are the same in all future versions, etc.

Then in your code you can detect the version and branch out to supported features only, etc.

Unnnhhhhh! My VBA code is...substantial.

Oh well. It's not like I have much of a life anyway. :cry:

Cheers for your help RD

No problem, but thats if you want to be real thourough. You could get by with only checking the methods, etc. that are not common. Like I would not check the .Add or .Open methods but the .CopyFromRecordset or .Sort would benefit from verification. ;)

Evening,

Well, I spoke to Verisign and they tell me that a DS from them is valid for 1 year during which time you can use it to sign as many files as you like. It sits in IE, and it should allow users to run macros in High security mode.

Cheers for help, RD

zaza

PS: Tried to rep, but apparently I have to "Spread the love around" first. Still, it's not like you need the gems...

Thanks for the update zaza. When your 1 year runs out will the code that is signed invoke the macro or security prompt?

Ps, sure I need them. My Cobra runs on Gems. I get 10,000 miles per Gem. :D