Microsoft KB Archive/297142

= Description of digital certificates for Visio 2002 and for later versions of Visio =

Article ID: 297142

Article Last Modified on 6/12/2007

-

APPLIES TO


 * Microsoft Office Visio Professional 2007
 * Microsoft Office Visio Standard 2007
 * Microsoft Office Visio Professional 2003
 * Microsoft Office Visio Standard 2003
 * Microsoft Visio 2002 Professional Edition
 * Microsoft Visio 2002 Standard Edition

-



This article was previously published under Q297142



SUMMARY
This article is a general overview of digital certificates and how they relate to digitally signed Visio macros, signed programs, and Microsoft ActiveX controls. This article answers the following questions:
 * What is a digital certificate?
 * What is a signature? Why do we need them?
 * What happens with each security level?
 * How can I get a signature?



What is a digital certificate?
Digital signatures and certificates of authenticity can be applied to executable programs, ActiveX controls, or Visual Basic for Applications macros. These signatures provide you with the assurance that what you are about to use comes from a reliable source and that it has not been tampered with. Digital certificates help to prevent macro viruses from being introduced into your Visio drawings, your computer, and your local network.

A digital certificate is an identification (ID) that is carried with a file. To validate a signature, a certifying authority validates information about the software developers and then issues them digital certificates. The digital certificate contains information about the person to whom the certificate was issued, as well as information about the certifying authority that issued it. When a digital certificate is used to sign programs, ActiveX controls, and Visual Basic for Applications (VBA) macros projects, this ID is stored with the signed item in a secure and verifiable form so that it can be displayed to a user to establish a trust relationship.

What is a signature? Why do we need them?
Microsoft Visio has introduced digital signatures to help users distinguish legitimate code from undesirable and potentially damaging code. If you open an Visio drawing or template and see a macro security warning with digital signature information, you can feel reasonably confident that the person (or corporation) signing the macros also created them. You can choose to trust all macros signed by this person by clicking to select the Trust all macros from this source check box. From then on, Visio enables the macros without showing a security warning for any documents containing macros signed by this trusted source.

A digital signature is the public certificate plus the value of the signed data encrypted by a private key. The value is a number generated by a cryptographic algorithm for any data that you want to sign. This algorithm makes it nearly impossible to change the data without changing the resulting value. So, by encrypting the value instead of the data, a digital signature allows the end user to verify the data was not changed.

What happens with each security level?
To take advantage of the benefits of digital signatures for macros, Visio introduces security levels similar to other Office products.

Visio 2007
To set the security level in Visio 2007, click Trust Center on the Tools menu. The security levels in Visio 2007 are outlined in the following table.

Visio 2003 and Visio 2002
To set the security level in Visio 2003 and in Visio 2002, point to Macro on the Tools menu, and then click Security. The security levels in Visio 2003 and in Visio 2002 are outlined in the following table.

How can I get a signature?
To obtain a digital signature, first, you need to get a digital certificate. One option is to get a fully certified certificate from a certificate authority. Both individuals and commercial entities can obtain a commercially authenticated certificate for their code. To learn about the application process and requirements, see Introduction to Code Signing at the Microsoft Authenticode Web site. A list of Certificate Authorities is provided at the following Microsoft Web site:

http://msdn2.microsoft.com/en-us/library/ms537361.aspx

A Certificate Authority can issue you a digital certificate for code signing for a fee. The Certificate Authority will do an in-depth identification check before issuing a digital certificate for signing code. Be sure to get a digital certificate that can sign code with Microsoft Authenticode (Verisign calls this Class 2 or 3; Thawte calls this Developer Certificates), rather than one that can only sign e-mail. If you try to use a digital certificate that is not authorized to sign code, Visio warns that the digital certificate is not trustworthy. The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Additional query words: viso2002 visio2003 visio2007

Keywords: kbexpertisebeginner kbdigitalsignatures kbdigitalcertificates kbautomation kbdtacode kbhowto kbinfo KB297142

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.