| Home |
| Search |
| Today's Posts |
|
#1
Posted to microsoft.public.excel.programming
|
|||
|
|||
Signed workbook depends on physical location of AddIn - Digital Signature Invalid - workaround?
I have an issue that I have struggled with for some time, and failed
to work around. I have a signed workbook whose signature seems to depend on the exact physical location of an AddIn on which it depends. I hope someone can advise me how to avoid the problem. I want to distrtibute a set of signed workbooks (containing macros and using functions that depend on an AddIn) to end users, and I would like the end users to be able to put the AddIn in their local settings folder for excel addins. Both the workbooks and the AddIn are signed by a kosher Verisign Cals 3 certificate and work fine if installed on the target system in the same directory location as the development system. Trouble is ... if the AddIn is installed in a different place (such as the user's .../Application Data/Microsoft/AddIns folder, the signature on the workbook becomes invalid when it is saved by the user. Note the user is allowed to change some of the content of the workbook, but can't change the VBA code. When saved and reopened, the following message is produced: "The macros in this file do not match the digital signature. Only a macro virus would cause this. Please scan for viruses and notify the publisher of this document. Macros will be disabled." Note also that there isn't a virus and the only thing that has changed is the AddIn is in a new location. Please help! How can I install my AddIn so that users are not exposed to this problem. Any and all advice would be gratefully recieved. Below is a copy of an earlier post that describes how to generate a simple test case for the problem. Regards Andy Bethell ----------------------------------------------- PS: I am using vanilla Office 2003, Norton Antivirus 2003, Windows XP Pro (fully patched), but the problem seems to be OS and Office version independent, ie. I have seen it on Windows 2000, Office 2000 and Office XP To summarise the problem: I have a set of workbooks containing signed macros. Each workbook refers to an AddIn containing common functions (also signed) When I use the workbooks and AddIn in the location in which they were signed, everything works fine. If I move the workbooks to another computer in the 'same' location (eg. C:\Program Files\MyApp), everything works fine. If I move the workbooks to a different location (on the signing computer or another computer), changes to the workbooks cannot be saved without invalidating the digital signature, making the workbooks unusable. The error message produced is as shown below. "The macros in this file do not match the digital signature. Only a macro virus would cause this. Please scan for viruses and notify the publisher of this document. Macros will be disabled." I have generated a reproducible test case. For the test case it does not matter whether the macros are signed with my kosher Verisign Class 3 code-signing certificate or a self-signed certificate. I can supply a copy of my test case. To generate the test case: 1. Create an AddIn with a simple function, eg. to display a MsgBox (MyMacro in MyAddIn), sign the AddIn and save to MyFolder (anywhere). 2. Load and install the AddIn in Excel. 3. Create a workbook (MyWorkbook) that invokes MyMacro in MyAddin (eg. using a command button OnClick event). Sign the workbook and save to the same folder as the AddIn (MyFolder). 4. Exit Excel 5. MOVE the folder 'MyFolder' to a different location on the filesystem. 6. Start Excel without opening any of the above. 7. Remove the existing AddIn (MyAddIn) from the AddIns list (Excel will give an error since it can no longer find the AddIn in its original location). 8. Restart Excel 9. Add the AddIn in its new location to the AddIns list. 10. Open MyWorkbook. 11. Save (^S) MyWorkbook 12. Exit Excel 13. Open MyWorkbook You should now get the error about signature mismatch. I believe the above test case roughly simulates distributing the signed workbooks and AddIn to end users, who may choose to intall the workbooks and AddIn in a location of their choice. However, it seems that if they choose a location 'different' to the one that the workbooks and Addin were signed at, no changes to the workbooks can be saved without them becoming unusable. |
|
#2
Posted to microsoft.public.excel.programming
|
|||
|
|||
|
Signed workbook depends on physical location of AddIn - Digital Si
In case anyone is interested, this behaviour is 'by design'.
If you sign a VBA project that has an external dependency on an XLA AddIn, the signature is invalidated when the references are fixed up by Excel, if the physical location of the AddIn has changed since the project was signed. AndyB |
|
#3
Posted to microsoft.public.excel.programming
|
|||
|
|||
|
Signed workbook depends on physical location of AddIn - Digital Si
In case anyone is interested, this behaviour is 'by design'.
If you sign a VBA project that has an external dependency on an XLA AddIn, the signature is invalidated when the references are fixed up by Excel, if the physical location of the AddIn has changed since the project was signed. AndyB |
| Reply |
| Thread Tools | Search this Thread |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Forum | |||
| Excel 2007. Self Digital Signature invalid, can't del. | Excel Discussion (Misc queries) | |||
| Digital Signature | Excel Discussion (Misc queries) | |||
| Adding a scanned physical signature into Excel | Excel Discussion (Misc queries) | |||
| Workbook Created By Signed Addin Is Itself Not Signed | Excel Discussion (Misc queries) | |||
| Digital signature on workbook/addin invalid when files moved? | Excel Programming | |||
Linear Mode
