Code Signing

Almost everyone who has used Microsoft Excel has seen the “Macros in this project are disabled” prompt.  It’s a mildly alarming message that is thrown up by members of the Microsoft Office suite, warning the user that there is some custom code in the document which could be dangerous.  In Excel 2007, the message looks something like this:

The first time I saw this I was horrified.  Now that I’ve been working with Excel macros for years, it only gives me pause if I don’t know where the code came from; but for many first-time encounters, clicking the “Enable this content” button is surely a harrowing moment after all the dire warnings and bold lettering.  And that, in a nutshell, is the second biggest reason why you should expect your Excel specialist to code sign all of the work they do for you.

The biggest reason for code signing is trust.  What information does Joe Consumer need in order to know that they are safe?  Why should Joe trust that your mystery black box is not going to do anything nasty to his system?  Part of validating yourself as trustworthy is going through the process of getting a code signing certificate.

When I got my first certificate, I was surprised at the level of detail required.  Code signing is not a simple process.  The signing authority needed copies of the Certificate of Incorporation for Gravity Computing, a phone and power bill from the last 3 months, a phone number that could be verified by actually phoning me personally, and as icing on the cake, the DNS records for www.gravitycomputing.co.nz had to match the details that I’d given them.  All this detail goes into a single, simple, core requirement for code signing:  the signing authority has to know that you are who you say you are, before they’ll give you a certificate.

Code signing isn’t cheap, either, which provides another barrier to entry for those nefarious types.  At the time of writing, VeriSign are selling a three-year VBA “Code Signing Digital ID” for $1,295 US dollars – that’s about $1700 NZ dollars at the moment.  Chances are, the neighbourhood troublemaker isn’t going to put that sort of investment into a dodgy Excel macro.

Another great aspect of code signing is that, once a piece of code like an Excel macro is signed, that piece of code cannot be changed without re-signing it.  That is, if someone changes the VBA project and saves the file, the digital signature is discarded.  If you’re looking at a signed program, you can be confident that it hasn’t been messed with during its journeys.

The whole foundation for code signing is trust.  And this is exactly the reason that your Excel specialist should be providing you with code that has been signed with a certificate from a trusted certificate authority.  Having a code signing certificate says:

  • I’m professional and care about my reputation
  • I want your users to be comfortable using my software
  • I’m genuinely in business (enough to fork out for it!)
  • I am who I say I am, and a third party has verified it
  • Nobody has messed with my code

If you’re given code that hasn’t been signed, you simply can’t be sure of these things.  Personally, I’d insist on receiving signed code.