3

I have a litte problem with Microsoft SignTool.exe. I have installed Windows 10 SDKs and Office SIPs to support macro enabled documents. Then I followed readme to activate dlls and made all the changes, including:

  1. Installed - Microsoft Visual C++ Runtime Libraries
  2. Set path to VBE7.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA]
"Vbe71DllPath"="C:\Workspace\Signing\vbe7.dll"

  1. Registered MSOSIPX.DLL with REGSVR32
  2. I have also created wintrust.dll.ini and added:

[1]
DLL=<C:\Workspace\Signing\msosipx.dll>
GUID={6E64D5BD-CEB0-4B66-B4A0-15AC71775C48}
CryptSIPDllCreateIndirectData=_VBASipCreateIndirectData@12
CryptSIPDllGetSignedDataMsg=_VBASipGetSignedDataMsg@20
CryptSIPDllIsMyFileType2=_VBASipIsMyTypeOfFileName@8
CryptSIPDllPutSignedDataMsg=_VBASipPutSignedDataMsg@20
CryptSIPDllRemoveSignedDataMsg=_VBASipRemoveSignedDataMsg@8
CryptSIPDllVerifyIndirectData=_VBASipVerifyIndirectData@8

  1. I'm using:

    signtool sign /debug /n "Cert" /fd SHA256 test.xlsm and the following happens:

SignTool Error: This file format cannot be signed because it is not recognized.
SignTool Error: An error occurred while attempting to sign: test.xlsm
Number of files successfully Signed: 0
Number of warnings: 0
Number of errors: 1

Little note at the end:

With test.exe it worked just fine.

Dmytro
  • 372
  • 2
  • 12

3 Answers3

1

I understand this has been answered, but adding my input for anyone else coming across this.

I don't think you don't need the angle brackets for the path to the SIP module. As per Wikipedia the syntax is key = value. So I would use:

[1]
DLL=C:\Workspace\Signing\msosipx.dll

Also make sure you are using the 32-bit version of signtool from "C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86". Using the 64-bit version I received the same error as you. But following the examples in the bundled offsign.bat and using the right version made it work.

Nivin
  • 45
  • 9
0

I have solved the problem by using regsvr32.exe via powershell instead of cmd.

Important note! I'm calling regsvr32.exe on msosipx.dll in my working folder C:\Workspace\Signing.

P.S. I don't really understand why it's working.

Dmytro
  • 372
  • 2
  • 12
0

I had the same error This file format cannot be signed because it is not recognized even after I registered the dlls.

I then noticed that I had ran regsvr32 from an unelevated cmd (I have UAC active on my dev machine).

Even though it reported success, when I re-ran:

regsvr32 msosip.dll
regsvr32 msosipx.dll

from an Admin cmd, and made sure that I was using the x86 version of signtool, the signing of my xlam file was then successful:

C:\Program Files (x86)\Windows Kits\10\bin\10.0.18362.0\x86\signtool.exe" sign /v  /s My /n "Martin-Self-Office1" /fd SHA256 /tr http://timestamp.digicert.com /td SHA256 ".\f\Test-1-Addin.xlam"
...
Successfully signed: .\f\Test-1-Addin.xlam

Number of files successfully Signed: 1
Martin Ba
  • 37,187
  • 33
  • 183
  • 337