I am currently trying to sign VBA macros in Excel and Word and Powershell scripts via the cmd.
For this purpose I use the Microsoft signtool.exe as part of the Windows 10 SDK: https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk/
Signing Powershell scripts using the following command works fine:
signtool.exe sign /f "testca.pfx" /fd SHA256 /p "123456" "test.ps1"
For signing macros in Office documents, "Microsoft Office Subject Interface Packages for Digitally Signing VBA Projects" is also required: https://www.microsoft.com/en-us/download/confirmation.aspx?id=56617
I downloaded the .exe and executed it.
Registering the .dll files using: "regsvr32" also worked. The paths to the .dll files are visible in the registry.
Microsoft Visual C++ 2015-2019 Redistributable (x86) is also installed.
So theoretically I should be able to sign Excel macros now. However, my server receives an error message with an error code, which I can't find anything about in Google.
Here is the complete output:
The following certificates were considered:
Issued to: TestCA
Issued by: TestCA
Expires: Wed Feb 03 08:53:09 2021
SHA1 hash: E19CE363C88CDBCE677FA170008D0AB0D98A02DCAfter EKU filter, one certs were left. After expiry filter, 1 certs were left. After Private Key filter, 1 certs were left. The following certificate was selected:
Issued to: TestCA
Issued by: TestCA
Expires: Wed Feb 03 08:53:09 2021
SHA1 hash: E19CE363C88CDBCE677FA170008D0AB0D98A02DCThe following additional certificates will be attached: Done Adding
Additional Store SignTool Error: An unexpected internal error has occurred.
Error information: "Error: SignerSign() failed. (-2147220492/0x800403f4)
I have now performed the installation as described above several times on different computers, all with admin rights and current updates:
VM with win10 from work: .ps1 and .xlsm signing is possible
Private VM with win 7: only .ps1 signing works
What you can probably say is that signtool.exe works as such, because I can sign PowerShell scripts on all machines.
But signing macros does not always work. Probably has something to do with the interface packages?
I hope somebody has had the same problem before and can help. Because I'm going crazy with this. Thanks a lot!
Well, it took me a long time, but I'm up and running now. If anybody else has the same problem:
The "Microsoft Office Subject Interface Packages for Digitally Signing VBA Projects" .zip contained a readme.txt saying "Microsoft Visual C++ Redistributal (x86)" must be installed. The link behind it downloaded the "Microsoft Visual C++ 2015-2019 Redistributal (x86)", which is the latest version.
I have now tested all available versions of the last years and the only working one is the 2010 version. I don't know why the readme.txt refers to a different version, but the bug and the "solution" are definitely reproducible.
Anyway, use Visual C++ 2010 and everything is fine!