Home » Software Security Blog » How to Sign VBA Macro with Timestamp in MS Office
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Before moving any further, verify that your certificate is installed in the Windows CSP. For that, right-click on your PFX file and select Install or import through Internet Explorer by clicking on:

Steps to sign VBA Macro with Timestamp

  • Internet Options menu -> Content -> Certificates -> Import.
  • Now, open the VBA project that you want to sign. Go to the Tools menu and select Digital Signature.
  • From that Digital Signature window, click “Choose” and select your PFX file.
  • Click OK and Save.
  • By now, your MS Office document is digitally signed.
  • By default, the certificate is not time stamped in some of the platforms like Windows Vista and Windows 7. If you’re signing through those platforms below are the steps to timestamp:
  • For timestamping your VBA macros by default, you must create a file named timestamp.bat and copy/paste these lines:

reg add "HKCUSoftwareMicrosoftVBASecurity" /v "TimeStampURL" /f /d
"https://timestamp.comodoca.com/authenticode"
reg add "HKCUSoftwareMicrosoftVBASecurity" /v "TimeStampRetryCount" /f /t REG_DWORD /d 2
reg add "HKCUSoftwareMicrosoftVBASecurity" /v "TimeStampRetryDelay" /f /t REG_DWORD /d 1

  • Save the file and double-click to run it, then confirm Yes when prompted.

Note:

  • A timestamp is an extra step, but critical nonetheless. It keeps your signature valid, even after the expiration of the certificate.
  • For verifying a timestamp on a signed macro, run the macro after setting the computer’s clock past the expiration date of the certificate. If it’s signed correctly, it will still run as signed.