Using Fortanix Data Security Manager with 32-Bit SignTool for Signing and Verifying Microsoft Office Macro Files

1.0 Introduction

This article describes how to integrate Fortanix Data Security Manager (DSM) with 32-bit SignTool for signing and verifying Microsoft Office macro files.

SignTool is a command-line tool provided by Microsoft as part of the Windows Software Development Kit (SDK). It is used to digitally sign files, including executable files, libraries (DLLs), installer packages, and other types of files on the Windows operating system.

You can use SignTool with the Fortanix DSM CNG Provider. Fortanix DSM CNG Provider makes it easy to securely store sensitive objects/keys required during the sign and verify processes, a native feature provided by Fortanix Key Management Service (KMS) for enterprise-level code-signing capabilities.

2.0 Prerequisites

Complete the following on the server or workstation that will run SignTool:

  • Download and install the 32-bit Fortanix KMS CNG Provider. You need 32-bit CNG to sign and verify the Office macro files.

  • Download and install the 32-bit SignTool. For more information, refer to the SignTool documentation.

3.0 Signing and Verifying Microsoft Office Macro Files

Refer to Using Fortanix Data Security Manager with Microsoft CNG Provider and SignTool for integrating SignTool with CNG Provider. With this integration, you can sign file types like .msi and so on.

To sign Office macro file types, add the following steps to the above integration:

  1. Download and install Microsoft Office Subject Interface Packages (SIPs).

  2. Download and install Visual C++ 2010 run time.

  3. After installing the above tools, open a command prompt in Administrator mode and run the following commands. If successful, each command displays the message: DllRegisterServer in <Your complete file path> succeeded.

    regsvr32.exe <complete path to msosip.dll>
    regsvr32.exe <complete path to msosipx.dll>

    NOTE

    The files msosip.dll and msosipx.dll are available when you install Microsoft Office SIPs.

  4. Use the following command to sign the Microsoft Office macro file using SignTool:

    <Your path_to_32_bit_signtool.exe> sign /csp "Fortanix KMS CNG Provider" /kc <private key container name> /fd sha256 /f <signing certificate> MacroBook.xlsm

    Figure 1: Successfully Signed Office Macro File

  5. Use the following command to verify if a file is signed:

    <Your path_to_32_bit_Signtool.exe> verify /pa MacroBook.xlsm

    Figure 2: Verify the Signed Office Macro File
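
Steps 3 to 5 above as one PowerShell script that stops at the first failing step. This is an added example, not Fortanix's own tooling. Every path and the container name are placeholders, and the PE-header check that the supplied signtool.exe is the x86 build is an addition to the documented steps.

```powershell
# Added example (not from the Fortanix documentation). All default values are placeholders.
param(
    [string]$SignTool  = 'C:\path\to\x86\signtool.exe',   # placeholder: 32-bit SignTool
    [string]$SipDir    = 'C:\path\to\OfficeSIPs',         # placeholder: folder holding msosip.dll and msosipx.dll
    [string]$Container = '<private key container name>',  # placeholder: key container in Fortanix DSM
    [string]$CertFile  = 'C:\path\to\signing-cert.cer',   # placeholder: signing certificate
    [string]$MacroFile = 'MacroBook.xlsm'
)
$ErrorActionPreference = 'Stop'

# Read the COFF Machine field of a PE file: 0x014C = x86 (32-bit), 0x8664 = x64.
function Get-PeMachine([string]$Path) {
    $fs = [System.IO.File]::OpenRead((Resolve-Path $Path).Path)
    try {
        $br = New-Object System.IO.BinaryReader($fs)
        if ($br.ReadUInt16() -ne 0x5A4D) { throw "$Path is not a PE file (no MZ header)" }
        $fs.Position = 0x3C
        $fs.Position = $br.ReadUInt32()       # e_lfanew: offset of the PE signature
        if ($br.ReadUInt32() -ne 0x00004550) { throw "$Path has no PE signature" }
        return $br.ReadUInt16()               # Machine field follows the signature
    } finally { $fs.Dispose() }
}

# This integration requires the 32-bit SignTool; fail early if another build was supplied.
if ((Get-PeMachine $SignTool) -ne 0x014C) { throw "$SignTool is not the 32-bit (x86) build" }

# Step 3: register both SIP DLLs (run from an elevated prompt); /s suppresses the dialog box.
foreach ($dll in 'msosip.dll', 'msosipx.dll') {
    $p = Start-Process regsvr32.exe -ArgumentList '/s', "`"$(Join-Path $SipDir $dll)`"" -Wait -PassThru
    if ($p.ExitCode -ne 0) { throw "regsvr32 failed for $dll (exit code $($p.ExitCode))" }
}

# Step 4: sign using the private key held in Fortanix DSM through the CNG provider.
& $SignTool sign /csp 'Fortanix KMS CNG Provider' /kc $Container /fd sha256 /f $CertFile $MacroFile
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed (exit code $LASTEXITCODE)" }

# Step 5: verify the signature; SignTool returns 0 only on success.
& $SignTool verify /pa $MacroFile
if ($LASTEXITCODE -ne 0) { throw "signtool verify failed (exit code $LASTEXITCODE)" }

Write-Output "Signed and verified: $MacroFile"
```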