Using Fortanix Data Security Manager with 32-Bit SignTool for Signing and Verifying Microsoft Office Macro Files

Introduction

This article describes how to integrate Fortanix Data Security Manager (DSM) with 32-bit SignTool for Signing and Verifying Microsoft Office Macro Files.

SignTool is a command-line tool provided by Microsoft as part of the Windows Software Development Kit (SDK). It is used to digitally sign files, including executable files, libraries (DLLs), installer packages, and other types of files on the Windows operating system.

You can use SignTool with the Fortanix DSM CNG Provider. Fortanix DSM CNG Provider makes it easy to securely store sensitive objects/keys required during the sign and verify processes, a native feature provided by Fortanix Key Management Service (KMS) for enterprise-level code-signing capabilities.

Prerequisites

The server or workstation that will be running the SignTool must have the following installed:

Signing and Verifying Microsoft Office Macro Files

Refer to Using Fortanix Data Security Manager with Microsoft CNG Provider and SignTool for integrating SignTool with CNG Provider. With this integration, you can sign file types like .msi and so on.

To sign Office macro file types, add the following steps to the above integration:

  1. Download and install Microsoft Office Subject Interface Packages (SIPs).
  2. Download and install Visual C++ 2010 run time.
  3. After installing the above tools, open a command prompt in Administrator mode and run the following commands: If successful, you will see a message: DIIRegister Server in <Your complete file path> succeeded.
    regsvr32.exe <complete path to msosip.dll>
    regsvr32.exe <complete path to msosipx.dll>
    
    NOTE
    The files msosip.dll and msosipx.dll are available when you install Microsoft Office SIPs.
  4. Use the following command to sign the Microsoft Office macro file using SignTool:
    <Your path_to_32_bit_signtool.exe> sign /csp "Fortanix KMS CNG Provider" /kc <private key container name> /fd sha256 /f <signing certificate> MacroBook.xlsm

    Successful Validation.png Figure 1: Successfully Signed Office Macro File

  5. Use the following command to verify if a file is signed or not:
    <Your path_to_32_bit_Signtool.exe> verify /pa MacroBook.xlsm
    Verify Signing.png Figure 2: Verify the Signed Office Macro File

Comments

Please sign in to leave a comment.

Was this article helpful?
0 out of 0 found this helpful