Programatically Sign a Macro in .NET

Question

I have a macro on any MS Office file format. I would like to sign it programmatically using C# and the .NET framework.

I know I can use a .NET framework tool called signTool.exe to sign ms office files on the command line. The tool runs on top of the .NET framework. I would like to be able to replicate some of this behavior on a stand alone application. In other words I would like to know if its possible to produce the digest then sign and incorporate the signature to the MS Office file programmatically, and not through the signtool.exe

I assume it has to be related to: System.Security.Cryptography?

Can't you just invoke `signTool.exe` using `Process.Start(…)`? — stuartd, Aug 21 '19 at 11:12
If I'm not mistaken those signatures are CMS signatures (warning, this is a rather wild guess), which means you have to look into the functionality of the [PKCS](https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.pkcs?view=netframework-4.8) namespace. I'd first look up the documentation on which signatures are accepted for the macros though; when unsure, look at the standard. — Maarten Bodewes, Aug 21 '19 at 11:17
@stuartd I could invoke signTool from a process.Start, which would be super risky in terms of security, which is also the reason it should be always avoided :). — DaWNFoRCe, Aug 21 '19 at 11:43
@MaartenBodewes yes indeed those are CMS signatures. Basically PKCS7, nothing fancy. The Pkcs namespace lets me sign say xml messages and packages, but I cannot find anything to sign macros there :( — DaWNFoRCe, Aug 21 '19 at 11:46
Well, the CmsSigner lets you sign digital data, and a macro is certainly that. As indicated, there may be more requirements than just that to sign macros though. The trick is to find those. — Maarten Bodewes, Aug 21 '19 at 12:57
Note to my future self: Here is an answer that relates to signtool.exe: https://stackoverflow.com/a/57039432/2015768 — Frederick Nord, Aug 18 '23 at 08:46

Programatically Sign a Macro in .NET

0 Answers0