Microsoft KB Archive/920627

= Description of digital signatures and code signing in Word 2002 and in later versions of Word =

Article ID: 920627

Article Last Modified on 3/20/2007

-

APPLIES TO


 * Microsoft Office Word 2003
 * Microsoft Word 2002 Standard Edition
 * Microsoft Office Word 2007

-





INTRODUCTION
In Microsoft Word 2002 and in later versions of Word, you can digitally sign a document or code sign a macro project. This procedure guarantees that you were the last person to change the document or the macro project.

This article answers questions about digital signatures and code signing.



What is a digital certificate?
Digital certificates and digital signatures help guarantee that the file that you are about to use comes from a reliable source and has not been tampered with.

A digital certificate is an ID that a file carries. To validate a signature, a certification authority validates information about the creator of the file, and then issues the digital certificate. The digital certificate contains information about the person to whom the certificate was issued, and information about the certification authority that issued it. When a digital certificate is used to sign a file, the ID is stored with the file in a verifiable form so that the ID can be displayed to a user.

What is a digital signature?
Word uses digital signatures on the document contents to help make sure that the document has not been modified and saved since the document was signed. Digital signatures can also help you distinguish documents and macros that are created by a reliable source from bad and potentially damaging documents or macro code (viruses).

A digital signature includes both a public certificate and the value of the signed data as encrypted by a private key. The value is a number that a cryptographic algorithm generates for any data that you want to sign. This algorithm makes it almost impossible to change the data without changing the resulting value. Therefore, by encrypting the value instead of the data, a digital signature helps a user to verify that the data was not changed.

What occurs when I use a digital signature?
You can view and edit signed Word documents when you use a digital signature. However, you cannot edit and then save a signed document without invalidating the signature. For example, you can sign a file, and other users can view the file. As long as the file remains signed, other users will know that the file came from you and was not modified.

Digitally signing a document differs from code signing a Visual Basic for Applications macro project. You can digitally sign the document for content, and you can also code sign your Visual Basic for Applications macro project in the same document.

What Word files can I sign?
You can digitally sign any Word document (.doc) or Word template (.dot). However, Word 2002 and later versions of Word are the only versions of Word that recognize the digital signature.

How can I obtain a digital signature?
To obtain a digital signature, you first must have a digital certificate. There are two methods to do this.

Method 1: Obtain a digital certificate from a certification authority
You can obtain a digital certificate or a code signing ID from a commercial certification authority or from your internal security administrator or information technology (IT) professional.

A certification authority can issue you a digital certificate or code signing ID for no charge. The certification authority performs an in-depth identification check before the authority issues a digital certificate.

For more information about how to obtain a digital signature or code signing ID, visit the following Microsoft Web site:

http://msdn2.microsoft.com/en-us/library/ms995347.aspx

Method 2: Create your own digital certificate
You can create your own digital certificate for personal use or for testing by using the SelfCert.exe tool that is provided in Microsoft Office. However, this certificate is not authenticated by a certification authority.

For more information about how to create your own digital certificate, click Microsoft Word Help on the Help menu, type create your own digital certificate in the Assistance pane, and then click Start searching to view the topic.

How do I add a digital signature to a document?
To add a digital signature to your document in Word 2002 or in Microsoft Office Word 2003, follow these steps:  On the Tools menu, click Options. On the Security tab, click Digital Signatures. Click Add. If the document has changed and is not yet saved, or if it is not saved in the Word document format, you receive the following message:

This document must be saved as a Word document before it can be digitally signed. Do you want to save the document?

 Click Yes to display the Save As dialog box. You must save the file in the Word Document format or the Document Template format to add the digital signature. After you save the document, the Select Certificate dialog box is displayed. Click to select the certificate that you want to use, and then click OK. Click OK to close the Digital Signatures dialog box.</ol>

The Word document is now signed.

<div class="moreinformation_section">

To add a digital signature in Microsoft Office Word 2007, follow these steps:
 * 1) Click the Microsoft Office button, point to Prepare, and then click Add a Digital Signature.
 * 2) If you want to state your purpose for signing the document, type this information in the box under Purpose for signing this document in the Sign dialog box.
 * 3) Click Sign.

<div class="moreinformation_section">

Notes <ul> If you save your document after you add the digital signature, the digital signature will be removed. For example, when you click Save on the File menu after you digitally sign your document, you receive the following message:

Saving will remove all digital signatures in the document. Do you want to continue? If you click Yes, the digital signatures will be removed from your document.

</li> To verify that changes have not occurred in the signed document in Word 2002 or in Word 2003, follow these steps: <ol> On the Tools menu, click Options.</li> On the Security tab, click Digital Signatures.</li> On the Signatures tab, verify whether a signer is listed in the The following have digitally signed this document list. If a signer is listed, the file was not changed since the digital signature was added to the file.</li></ol> </li></ul>

<div class="moreinformation_section">

To verify that changes have not occurred in the signed document in Word 2007, follow these steps:
 * 1) Click the Microsoft Office button, point to Prepare, and then click View Signatures.
 * 2) If the View Signatures option is unavailable, the document is not digitally signed. If the document is digitally signed, the Signatures task pane will appear. This task pane includes information about the digital signature.

<div class="moreinformation_section">

How do I code sign a macro project?
To code sign your Visual Basic for Applications macro project in Word 2002 or in Word 2003, follow these steps:
 * 1) Open the document that contains the macro project that you want to sign.
 * 2) On the Tools menu, point to Macro, and then click Visual Basic Editor.
 * 3) In the Project Explorer pane, select the project that you want to sign.
 * 4) On the Tools menu, click Digital Signature.
 * 5) Use one of the following procedures:
 * 6) * If you did not previously select a digital certificate, or if you want to use another certificate, click Choose, select the certificate, and then click OK two times.
 * 7) * To use the current certificate, click OK.

<div class="moreinformation_section">

To code sign your Visual Basic for Applications macro project in Word 2007, follow these steps:
 * 1) Click the Microsoft Office button, and then click Word Options. Click the Personalize tab, click to select the Show Developer tab in the Ribbon check box, and then click OK.
 * 2) Click the Developer tab, and then click Visual Basic in the Code group.
 * 3) In the Project Explorer pane, select the project that you want to sign.
 * 4) On the Tools menu, click Digital Signature.
 * 5) Use one of the following procedures:
 * 6) * If you did not previously select a digital certificate, or if you want to use another certificate, click Choose, select the certificate, and then click OK two times.
 * 7) * To use the current certificate, click OK.

<div class="references_section">