Digital Certificate discarded when template assigned

duGly (Technical User, US, Nov 13, 2006)

I'm using VBA with Word 2003.

I have a project signed with a commercial digital certificate (from GlobalSign). The problem described below happens when I modify the document on a computer other than my own.

When I change the template attached to the document (either manually or programmatically) and then save the document, I receive the following error: "You have modified a signed project. You do not have the correct key to sign the project. The signature will be discarded". And then the code no longer runs.

I have tried exporting the certificate to the other computer, and then it works fine. The problem is, we will be distributing the project to hundreds of users and I cannot distribute the certificate to them, as this would pose a security risk.

Any ideas how I can change the template attached to the document without losing the digital signature? GlobalSign's tech support has been of little help to me.

— Artificial intelligence is no match for natural stupidity.
 
The attachment of a template to the document is done programmatically based on which template the user chooses. So it will always be done on another computer than my own.

— Artificial intelligence is no match for natural stupidity.
 
Good question, Gerry. A document created from a template is not automatically signed with the digital certificate, even if the template is. However, if a signed document is copied, the copy retains the signature.

Since I'm not about to distribute my digital certificate to my clients, I thought the best solution would be to provide a signed source document from which to copy. My code copies the file fine, retaining the signature.

My code then allows the user to choose from a list of templates, or create their own. Each template has its own set of styles, so the purpose of the template (in my project, that is) is to allow a choice of styles. Unfortunately (as I stated in my first post), attaching a template after the document has been created makes the document lose its certificate. So my brilliant idea sucks eggs.

So I'm still back at square one. Any ideas?

— Artificial intelligence is no match for natural stupidity.
 
duGly said: "Since I'm not about to distribute my digital certificate to my clients"

Why on earth not? That's the whole purpose of buying one in the first place. You don't distribute your private key to anyone, but you can (and probably should) publish your public key on the web.


I'm a bit confused by what you are trying to do here. Let's consider an example with Alice and Bob, which is kind of traditional in cryptographic circles.

A digital certificate contains Alice's company name and her public key. It is issued by GlobalSign, and is signed with a message digest created with GlobalSign's private key (one of the most secret secrets on the Internet). You can prove that the certificate is genuine and has not been tampered with by looking up GlobalSign's public key, decrypting the digest, and comparing it with your own calculated digest of the certificate. If they match, it's genuine.

If Alice wants to send Bob a document, she creates it, signs it with an MD5 digest created with her private key, attaches the certificate, and sends it. Bob can then perform a similar process to verify her certificate, and determine that the document was really created by Alice, and that it hasn't been tampered with in transit.

So far, so good. Note that in order to make use of a certificate to create something rather than just reading it, you need the private key.

Which gets me (laboriously) round to the point. This document/template of yours that gets copied - if it is modified in any way it won't digest to the same value as the one you signed it with. And as I think you were implying in your earlier post, you don't want to be giving out your private key to anyone so that they CAN sign it either.

Maybe if you can tell us what you are trying to achieve, rather than how you are trying to do it, we can be more help?

Steve

"Every program can be reduced by one instruction, and every program has at least one bug. Therefore, any program can be reduced to one instruction which doesn't work." (Object::perlDesignPatterns)
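
An added example, not part of the original thread and not how Office signs VBA projects: a toy model of the situation discussed above, in which a copy of a signed project verifies with the public key alone, a modified project no longer matches its signature, and only the private-key holder can re-sign. The key (textbook RSA over two fixed Mersenne primes), the sample bytes and the function names, including `save_after_edit`, are assumptions constructed for illustration.

```python
import hashlib

# Toy key pair for the signer (constructed for illustration, NOT secure):
# two well-known Mersenne primes and unpadded "textbook" RSA.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key, carried in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))        # private key, stays on the signer's machine


def digest(project: bytes) -> int:
    """Hash the signed content to an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(project).digest(), "big")


def sign(project: bytes, private_d: int) -> int:
    """Only the holder of the private exponent can produce this value."""
    return pow(digest(project), private_d, N)


def verify(project: bytes, signature: int) -> bool:
    """Anyone can check a signature using just the public pair (N, E)."""
    return pow(signature, E, N) == digest(project)


def save_after_edit(project: bytes, signature, private_d=None):
    """Hypothetical model of saving a signed project after an edit.

    With the private key the project is re-signed; without it the old
    signature no longer matches and has to be discarded.
    """
    if signature is not None and verify(project, signature):
        return signature                  # content unchanged, keep signature
    if private_d is not None:
        return sign(project, private_d)   # signer's own machine: re-sign
    return None                           # any other machine: discard


# Constructed sample bytes standing in for the signed content before/after a change.
original = b"Sub AutoOpen(): ApplyStyles: End Sub | template=Normal.dot"
modified = b"Sub AutoOpen(): ApplyStyles: End Sub | template=Client.dot"

if __name__ == "__main__":
    sig = sign(original, D)
    print("copy verifies:       ", verify(bytes(original), sig))
    print("modified verifies:   ", verify(modified, sig))
    print("saved without key:   ", save_after_edit(modified, sig))
    print("saved with key valid:", verify(modified, save_after_edit(modified, sig, D)))
```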
 
duGly

Did you manage to get this resolved?

Steve

"Every program can be reduced by one instruction, and every program has at least one bug. Therefore, any program can be reduced to one instruction which doesn't work." (Object::perlDesignPatterns)
 