使用数字证书自动启用宏？ [英] Auto-enable macro with digital cert?

问题描述

那么从受信任的签名机构发出的数字证书，当用于签署Excel文档时，是否允许文档自动运行宏？

So will a digital certificate that is issued from a trusted signing authority, when used to sign an Excel document, allow the document to automatically run macros?

是否对于签名是否由证书颁发机构根据用户看到的内容进行签名是否签名是否有所区别？

Does it make a difference whether the signature is self signed or signed by a certificate authority in terms of what the user sees?

与在网页上使用verisign颁发的证书类似，机器通常自发地信任该授权机构颁发的证书。我想知道Excel中的行为是否相似。

Similar to when you use a verisign issued certificate on a webpage, the machine usually autmatically trusted certificates issued by that authority. I am wondering if the behavior in Excel is similar.

我基本上试图解决分配Excel表单的问题，这些问题依赖于宏才能正常运行。 p>

I am basically trying to address the issue of distributing Excel forms which are dependent upon a macro to function properly.

推荐答案

如果您从（例如VeriSign）购买签名密钥，则可以使用它来签署您的宏代码。当用户打开包含已签名代码的文件时，会发生什么，这取决于他们设置的宏安全级别。让我们假设它是在最高级别，这将默认防止任何未签名的代码运行。

If you buy a signing key from (e.g. VeriSign), then you can use this to sign your macro code. When a user opens a file containing your signed code, what happens then depends on the "macro security level" they have set. Let's assume it's at the highest level, which would silently prevent any un-signed code from running.

在这种情况下，他们将被告知他们的文件是由您的公司名称），并询问他们是否希望运行它。每当他们打开文件时都会询问他们。但是，还有一个标题为始终信任这个发行商的宏的复选框 - 如果他们勾选，那么您的公司的任何签名代码随后将不会再提示出现。

In this case, they will be told that they file is signed by (your company name) and asked if they wish to run it. They'll be asked this every time they open the file. However, there's also a check-box titled "always trust macros from this publisher" - if they tick that, then any signed code from your company will thereafter be run with no further prompting.

注意：您从VeriSign购买的签名具有到期日期 - 通常在一两年后。除非您在签署代码之前采取一些额外的步骤，否则该代码将不再运行在证书到期后（！）。当您的用户突然发现一年以后无法正常工作时，这可能会导致讨厌的冲击。

Note: the signature you buy from VeriSign has an expiry date - usually after a year or two. Unless you take some extra steps before signing your code, then the code will no longer run after the certificate expires(!). This can lead to a nasty shock when your users suddenly find that nothing works a year later.

为了确保代码在证书过期后仍能继续工作，需要在注册表中添加一些指定时间戳服务器的值，这些值将用于对签名的代码进行时间戳。此时间戳后来用于验证代码是否与签署时有效的证书签署，而不是现在有效。

To ensure that the code continues to work even after the certificate has expired, you need to add some values in the registry that specify a "time-stamp server" that will be used to time-stamp the signed code. This time-stamp is later used to validate that the code was signed with a certificate that was valid at the time of signing, as opposed to one that is valid now.

有关如何执行此操作的信息，请参阅此链接。

For information on how to do this, see this link.

这篇关于使用数字证书自动启用宏？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！