  1. #1
    Platinum Lounger
    I've searched for and read some posts on digital signing and seek assurance that I've understood what's said.

    Post 298955 suggests that SelfCert.exe can be used (although I've read elsewhere that SelfCert certificates are intended only for in-house circulation).

    http://msdn.microsoft.com/en-us/library/ms995347.aspx offers a table of certificate suppliers and characteristics, but I'm not sure which characteristics are useful. For example, is "secure email" of interest to me if I'm merely offering a Word/VBA application for download from my web site?

    Post 559671 suggests that once a user has accepted a certificate, they don't have to accept it again; seems like lodging my photo with the security guard so they'll let me in unasked, once they know my face.

    Post 559848 in the same thread suggests annual fees of $200/annum, which seems a bit steep for my use.

    In Post 422771 Gwenda expressed some problems with a supplier, but we don't know how she fared with the next supplier. A speedy refund policy, if it is still in effect, is a positive attribute.

    The last post in this thread Post 311400 has an excellent little SelfCert tutorial. (Thanks for the link, Jefferson!)

    Post 289453 suggests that folder location is critical. My Setup.dot currently installs to whatever location is identified as the Startup Folder. I'm a man, I can change ....


    I'm loading zipped files onto my web site.
    People who download the zip file (unzip and run SetUp.dot) will be those who have had some contact with me already - read an email, received a postcard, chatted on the phone, so there will be some degree of trust in place.

    I anticipate the biggest hurdles to be
    (a) first-time users of my application(s)
    (b) friendly users at a hyper-secure employer site. They do exist.


    I'm going to experiment now with SelfCert.exe on 2 or 3 of my own machines .....

  2. #2
    Plutonium Lounger
    The problem with self-cert is how do people make sure that the code really was signed by you.

    The easiest way to do this is to get a certificate that has been signed by a well known, trusted, authority - such as Thawte or Verisign.

    Another way is to put a copy of your certificate on your server and provide some way that your customers can verify it - maybe by creating an MD5 checksum that you send them by some other method so they can check it hasn't been tampered with.
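
The out-of-band check described in the post above, as an added example that is not part of the original thread: the recipient hashes the downloaded certificate file and compares it with the fingerprint received by another channel. It uses SHA-256 in place of the MD5 mentioned in the post, because MD5 collisions are practical; the function names and the sample bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_der_bytes(data: bytes) -> bytes:
    """Return DER bytes from an exported .cer file, whether Base64 (PEM) or raw DER."""
    m = PEM_RE.search(data)
    if m:
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    return data

def fingerprint(data: bytes) -> str:
    """SHA-256 over the DER encoding, so PEM and DER exports hash identically."""
    return hashlib.sha256(cert_der_bytes(data)).hexdigest()

def normalize(fp: str) -> str:
    """Drop the separators people add when typing or reading out a fingerprint."""
    return re.sub(r"[\s:.-]", "", fp).lower()

def matches(data: bytes, expected: str) -> bool:
    """True only if the full fingerprint received out of band matches the file."""
    want = normalize(expected)
    # Refuse truncated or non-hex values instead of accepting a partial match.
    if not re.fullmatch(r"[0-9a-f]{64}", want):
        return False
    return hmac.compare_digest(fingerprint(data), want)

def to_pem(der: bytes) -> bytes:
    """Wrap DER bytes in PEM armour (used here only to build the sample)."""
    body = base64.encodebytes(der)
    return b"-----BEGIN CERTIFICATE-----\n" + body + b"-----END CERTIFICATE-----\n"

# Constructed stand-in bytes, NOT a real certificate: the check hashes the
# file contents and does not parse the X.509 structure.
SAMPLE_DER = bytes(range(64))
TAMPERED_DER = SAMPLE_DER[:-1] + b"\x00"

if __name__ == "__main__":
    published = fingerprint(SAMPLE_DER)  # value the signer sends separately
    print("fingerprint:", published)
    print("genuine file :", matches(to_pem(SAMPLE_DER), published))
    print("tampered file:", matches(to_pem(TAMPERED_DER), published))
```

The check is only as strong as the second channel: a fingerprint published on the same web server as the certificate gives no protection if that server is the thing that was tampered with.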

  3. #3
    Platinum Lounger
    [quote name='StuartR' post='789323' date='17-Aug-2009 10:35'].. how do people make sure that the code really was signed by you.[/quote]
    Stuart, thanks for this and the other comments.
    In my case I'm working with a baseline tester who wants to leave macro security set high/medium to guard against other persons, so the theory goes that when they have accepted me once, I'll be persona grata at their doors for evermore.
    Some clients of mine have tight lockdown on macros too, so using self-certificates might be a way around that.

    For now I am blessed with this one practical instance where we both want to learn about digital certificates, so it is an opportune sandbox for me.

    Meanwhile, back at the ranch ...
    I had reason this morning to remove/delete the SelfCert.exe certificate from two Word 2000/VBA templates, and was surprised at the shrinkage/bloat.
    The attached image shows the "backup" sizes before I removed the certificate; no editing of code was performed, just certificate removal.
    Attached Images
    • File Type: jpg 1.JPG (41.0 KB, 0 views)
