
Digital Signatures 2


CNS4us

MIS
Mar 29, 2004
I need help with digital signatures. I have searched the web and there are hundreds of solutions. All I need is the ability to digitally sign a WORD document which then prevents the contents from being changed. I would prefer little or no additional software for each client computer. Also, I would prefer simple basic operation instead of a full client/server operation with more features than ginsu knife set. Any guidance would be appreciated.

Thank you.
 
Have you tried selfcert.exe included with windows?

...do a search of the windows folder, create your own digital certificate
 
Yes sir I have run the SelfCert. Now what? Sorry but I need to go back to gradeschool on this one.

Thanks so much!!
 
If you just need to protect the document then you need only password protect it from the tools menu.


If you want to have macros available without prompt... then from the VBA editor, go to tools>references and add your self made certificate
 
If one password protects a VBA project with a certificate, he can see the project himself, but others can't? If he sends his certificate to others (it's just a file, right?), can they then access the project?
 
Not that I'm aware of...the cert is passed to their machine when they accept it upon 1st time opening the document, and clicking always trust certs by "John Doe of ABC Co.".

Acceptance of the cert. just bypasses the need for users to set macro security to med or low; they can leave it on high and still run your certified macros if they accept your cert(s).

The passwords (as far as I know) are not related to the cert. The user must know the Password to gain access to the vba project. (this probably includes the author).
 
Sorry for the long post, but selfcert ONLY makes a certification on the local machine. It does NOT act as a certification or digital signature on any other machine. The only purpose of using selfcert is to bypass high security on your own machine, so if your own security is high, selfcert allows your own macros to run - as they are selfcertified.

It does not help at all if other people have high security. Plus, the original post refers to locking the contents so they can not be changed. Selfcert does not affect this at all.

CNS4us - could you reiterate what you wish to do? You have a Word document that you want to not permit changes to? Does that mean you want it read only? You do not want anyone to be able to add text, amend text etc? If this is the case, there are relatively simple solutions that can prevent most users from altering files. Although, as has been posted in other threads, it is difficult to prevent serious attempts to break into your file.

For example, you could protect the entire contents with the Protect feature. Use a honking password (at least 10 characters), then also password protect the file itself with a different password, then make it read only, then use NTFS permissions to explicitly deny modification rights to everyone but yourself. Build in Word override routines to disable all copy/paste/save as commands.

Depends on how far you want to - or need to - go. However, to say it again, digital signatures do not disallow a user from changing content. They allow macros to run because they are designated as safe. Selfcert does this, but only on the local machine.

Hope this helps.





Gerry
 
fumei,

What you have posted is not completely true...I have added selfcert certificates to Word and Excel documents, and many users on our LAN are able to use the macro functions with security set to HIGH (our dept standard)..by accepting the cert when prompted.
 
Guys

Sorry to jump in like this, hope I don't throw you off.

I am looking to use Selfcert.exe but am unable to find it on my system. I guess that means it isn't installed on Windows 2k Pro boxes.

Can I download and use it as a separate tool...?

It would be really handy for the stuff I am currently developing - that way people don't have to set their security to "Low", just accept my certificate.

----------------------------
Cogito Ergo Sum [jester2]
----------------------------
 
Hi Harlequin007. Yes, you are correct. What I wrote is not strictly true. It depends on the policies set on the network. We have 30,000 users on our network and they do not allow ANY selfcert-ed files. In other words, the users do not even get a prompt as my selfcert is not acknowledged as a valid (system acceptable) certificate.

From Microsoft:
NOTE: Digital signatures that are created with the SelfCert program are for personal use only. They are not meant for commercial distribution of VBA solutions. The type of certificate that is generated does not verify your identity.

Regarding using selfcert, again from Microsoft:
On the Windows Start menu, point to Programs, and then click Windows Explorer.
In Windows Explorer, navigate to the Program Files\Microsoft Office\Office folder, where Program Files is the drive and folder where you installed Microsoft Office 2000.
Find the SelfCert.exe program, and double-click it.

NOTE: The SelfCert.exe program is not part of the standard installation of Microsoft Office. If you need to install the SelfCert.exe program, rerun Setup for Office CD1 and click Add or Remove Features. Click the plus sign (+) next to Office Tools; click Digital Signature for VBA Projects and then click Run from My Computer. Click Update Now.
After SelfCert starts, type your name in the Your name box, and click OK.

Gerry
 
Wow, you guys are awesome but I think I need to clarify a bit.

fumei - thank you for your comments and you are right I need to explain a bit better....so here we go!

I have a Word Template that is also a password protected form. It is a "Credit Memo" form and has a bunch of fields that get filled out by someone. Currently, they print it out or email it to the approver and they then print it out or sign it manually. Then it is forwarded (the piece of paper) to the person that inputs it into the AS/400.

They have asked me to setup a way so they can just "digitally sign" the Word document (form) and let it live in email instead of a paper world.

Initially, I created a macro 5 years ago that embedded a menu for the "Approval Process" and had each approver's name there. They had to then put in a password and the macro would then verify the password and unprotect the form and slap in their name and date stamp and then re-protect the form without resetting the form fields.

This worked ok...but there are major design problems with that. First off, the approvers and passwords are hard coded into the macro. This is terrible because as passwords need to be changed or as approvers change, the macro needs to be updated. Also, the previous versions still have the old passwords because each new document is a new instance of the form and therefore contains all the code at that point in time. Secondly, I just found out that the latest version of Office allows users to unprotect and re-protect forms without resetting the fields.

So the challenge is to create a digital signature and date stamp that cannot be forged. Then, once the approver "signs" the form that form should no longer be able to get changed.

I understand that the simple concept is an enormous challenge. I have just heard more and more about digital signatures and was wondering if there is a simple way to accomplish this as opposed to buying some multiple seat license for some software that does a million other things when in fact all I need is a basic digital signature. Preferably with no client software needed.

In a perfect world I would like to see a MENU item on these forms that indicates Digital Signature. And then when clicked it allows the approver to go grab a digital certificate??? I guess...I don't know...that is why I am asking.....hahahah. Maybe I should just tell them that "..someone must have blown smoke up their ass about digital signatures...because at this point they are fantasies!!! Print the form out and sign it you lazy bastard!" Sound good?

Comments appreciated...........have a great day! : )
 
Any ideas guys???

Thank you in advance......
 
I work for Authentidate which is the sole provider of the USPS Electronic Postmark...Electronically Sign and Seal Microsoft Word Documents with a USPS Electronic Postmark!
USPS EPM Extension for Microsoft Office lets you digitally sign Word documents and seal them with the trusted USPS Electronic Postmark (USPS EPM).
If you would be interested in a free account e-mail me At gelkin@authentidate.com
 
CNS4us - I am working on a round about way of doing this. It will not, and never could, be bullet proof from seriously intended hacks. It will also NOT be as good as a true digitally signed certificate; but it could work to a fair extent.

It is in process, but if you would like to communicate directly with me, maybe we can come up with a prototype that could possibly be acceptable. If it does not blow up, I will certainly share with the forum. I am starting a FAQ on the whole thing of restrictions, so if this becomes even a moderately viable option, I will share it there.

Can you send me a complete description of your requirements? I will see about integrating them with mine and give this thing a whirl.

gerry.knight@sds-dsc.gc.ca


Gerry
 
OK, maybe I better clarify what I am looking for. What I need to know is (after waving the magic wand that makes it work):

1. Suppose the person has "signed" off on it, and the form is now locked. Can they themselves ever edit and change things?

2. Does someone else have the right to edit or change things?

3. If #2 is yes, can you transfer rights?

4. Do you allow printing?

5. How many fields are involved???



Gerry
 
FUMEI - Email to you got returned...host unknown. Here was my original message....
Thanks so much for your assistance with this. I must tell you though I am strictly a novice at programming. I know enough to be dangerous but really am a total rookie.

With that being said, really my only requirements are the following....

- After the "signature" is applied, the document should not be able to be changed. Or if it just creates revision marks that would be fine I guess
- It has to be a simple process for the end-user. i.e. Click on "Digital Signatures" from the toolbar menu area and then "Approve" or something
- In my initial attempts I used name/password combinations that would apply the signature and date stamp it. If that continues then that would need to be in a totally separate file. That way password changes or user changes could be dynamic.

I don't know if that makes sense or not. In any event, the digital signature thing that I've read about sounds way too complex and expensive for what I care to dive into.

Thanks again!!

 
Wow...this could definitely turn into a large project. :)

1. Well that would be awesome. For my purposes, it is more of an "executive approval" so once they "sign" it, it will be emailed to the next person who then enters the info into the AS400. I guess prints it out if necessary too.

2. I would say No (After the signature) Yes, beforehand

3. n/a

4. Yep

5. 20 Plus, drop downs, check boxes, text, dates

What is your bird's eye solution???
 
OK, try this email;

gerry.knight@hrdc-drhc.gc.ca

bird's eye?

1. clean doc

2. on open, pick up opener's network logon username. (Word username is useless as it can be easily changed) eg. name = Blah One

3. all input via userform, not manual enter in formfields

4. on "OK", information loaded into doc at bookmarks; new userform comes up asking for name of person file will be sent to for approval. eg. "Approve Person" . Also ask for simple password to be assigned for that person.

5. file saved as new file (original is kept clean, and is closed). Person set as the one to approve is inserted into field in document; also set as Windows Explorer comment. So file will show in Explorer as:

Comment: completed by: Blah One
to be approved by: Approve Person

Person set as doing the approval also set as document variable, as well as password.

Blah One set by logic as NOT being able to open document again. i.e. if username = Blah One then doc.close

6. new document emailed to person who will approve, with the password - frankly this is bogus and is NOT secure - just looks good.

7. person approving opens file; file checks for current network logon and matches to doc variable of ApprovedBy, if matches asks for password. Opens new userform asking for approval - you may need to tell me other requirements.

8. person approving is totally locked out of any changes, including copying any contents via Ctrl-C. All they can do is yes or no. If no, document automatically closes with "Not approved" by their name.

9. If yes, "Approved" is marked into field, along with date, and set as doc variable, and comments adjusted for same.


Comment: completed by: Blah One
approved by: Approve Person
date: whatever

10. counter (doc variable) set as Approved1. File saved.

11. If Approve person reopens file, message box requires specific OK to open file, as it is already approved.

12. If Approved person requires Blah One to work on it again, they, and they alone, can reset the ability for Blah One to open file again.

Is that enough of a bird's eye?

I am halfway there....

Gerry
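
Added example, not code from any poster in this thread: the approval stamp from the outline above, bound to the form's field values with a keyed hash (HMAC-SHA256) so that a later edit to any field, the approver name or the date fails verification. It swaps in a shared-secret MAC for a certificate-based signature, so anyone holding the key can also produce stamps, and edits are detected rather than prevented. The key store, field names and dates are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample data: approver keys live outside the document (e.g. in a
# restricted file), never hard-coded into the form's macro.
APPROVER_KEYS = {"Approve Person": b"constructed-demo-key-not-a-real-secret"}

def _canonical(fields, approver, approved_on):
    """Serialise everything the stamp must cover into one stable byte string."""
    payload = {"fields": fields, "approver": approver, "approved_on": approved_on}
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")

def approve(fields, approver, approved_on, keys=APPROVER_KEYS):
    """Return the approval stamp to store in the document (e.g. as doc variables)."""
    tag = hmac.new(keys[approver], _canonical(fields, approver, approved_on),
                   hashlib.sha256).hexdigest()
    return {"approver": approver, "approved_on": approved_on, "tag": tag}

def verify(fields, stamp, keys=APPROVER_KEYS):
    """True only if fields, approver name and date are exactly what was approved."""
    key = keys.get(stamp.get("approver"))
    if key is None:
        return False  # unknown approver: nothing to check the tag against
    expected = hmac.new(key, _canonical(fields, stamp["approver"], stamp["approved_on"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, stamp.get("tag", ""))

def demo():
    # Constructed credit memo fields and approval date.
    memo = {"customer": "ACME (constructed)", "amount": "125.00", "reason": "Damaged goods"}
    stamp = approve(memo, "Approve Person", "2004-04-02")
    edited = dict(memo, amount="1250.00")            # field changed after approval
    redated = dict(stamp, approved_on="2004-04-09")  # date stamp altered
    renamed = dict(stamp, approver="Blah One")       # approver name swapped
    return {"untouched": verify(memo, stamp), "edited": verify(edited, stamp),
            "redated": verify(memo, redated), "renamed": verify(memo, renamed)}

if __name__ == "__main__":
    print(demo())
```
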
 
Well that is very in depth and I'm sure a challenge to code. I really like the idea that you can just hover over the doc and the comments show the critical info. Nice touch!!

ttl
 