I sign VBA code in Excel files automatically with digital signature, which works well using X509Certificate2 and EPPlus. Now I want to include a timestamp, any idea where i could set this?
If I sign the code manually in VBA Editor - Tools - Digital Signature, the code is well signed with timestamp (and countersignature). So it remains valid when the cert of the signing person has expired. But when signing with EPPlus is doesn't. In ExcelVBASignature.cs it looks as this function would be prepared yet..
Here's how I do it so far:
using System;
using System.IO;
using OfficeOpenXml;
using System.Security.Cryptography.X509Certificates;
...
X509Certificate2 cert = new X509Certificate2 ( PFXfile, PFXpass, X509KeyStorageFlags.PersistKeySet );
using ( ExcelPackage xl = new ExcelPackage ( new System.IO.FileInfo ( Excelfile ) ) )
{
using ( ExcelWorkbook wb = xl.Workbook )
{
wb.VbaProject.Signature.Certificate = cert;
xl.SaveAs ( new System.IO.FileInfo ( TargetPath ) );
}
}
My request could be solved using Microsoft SignTool instead of EPPlus:
I use Microsoft SignTool (from Microsoft Windows 10 SDK) with the Microsoft Office Subject Interface Packages for Digitally Signing VBA Projects.
Detailled Information:
Example: With the following command the VBA-Code inside the Excel file is signed with a countersignature using the certificate file including a private key. The Excel workbook itself will not be signed.
signtool.exe sign /f "CertificateFile.pfx" /p "P@ssw0rd" /fd "SHA256" /tr "http://rfc3161timestamp.globalsign.com/advanced" /td "SHA256" "D:\ExcelFileWithVBA.xlsm"