Office Documents Signing


  • 8/14/2019 Office Documenst Signing

    Digital Signing of Microsoft 2007 Office System Documents

    August 2007


    Table of Contents

    Introduction
    What is a Digital Signature?
        What Digital Signatures Accomplish
        Requirements for Digital Signatures
        Digital Signatures in the Business Environment
        Compatibility Issues
    Using Digital Signatures
        Transparent or Invisible Digital Signatures
        How to Add an Invisible Signature
        Add a Signature Line
    Digital Certificates
    Summary

    www.microsoft.com/office


    Introduction

    2007 Microsoft Office is a complete suite of productivity and database software that will help you save time and stay organized. Powerful contact management features help you manage customer and prospect information in one place. You can develop professional marketing materials for print, e-mail, and the Web, and produce effective marketing campaigns in-house. You can create dynamic business documents, spreadsheets, and presentations, and build databases with little experience or technical staff.

    You will learn new features rapidly using the new Microsoft Office Fluent user interface that presents the right tools when you need them. New task-based menus and toolbars automatically display the commands and options you can use, making it faster and easier to find the software features you need. And the new Live Preview feature makes it easy to sample your changes before you apply them. The new tools help you work faster and create more professional documents, spreadsheets, and presentations. These tools help you quickly accomplish routine tasks so you can spend more time with your customers and building your business. But in today's business world, getting the work done quickly and accurately is not enough. It's also important to protect your Microsoft 2007 Office system documents against unauthorized access and tampering.

    In addition to the robust productivity enhancements included with the Microsoft 2007 Office system are new security advances. The Microsoft 2007 Office system was built with security in mind, using Microsoft's new Security Development Lifecycle approach for software development, which provides a comprehensive framework of design, production, and testing methods and tools to ensure that software meets and exceeds current and anticipated security demands. The Microsoft 2007 Office system represents the most secure version of Office yet.

    Security encompasses many factors, and Microsoft uses a number of technologies to help secure your Office documents. Digital document signing is one of the ways you can help protect information in your Microsoft 2007 Office system documents. When you sign a document, you confirm that you are the originator of the document and that you vouch for the contents of the document. If the document is changed in any way, the digital signature is invalidated. Digital signatures on Microsoft 2007 Office system documents


    What is a Digital Signature?

    You can digitally sign a document for many of the same reasons you might place a handwritten signature on a paper document. A digital signature is used to help authenticate the identity of the creator of digital information such as documents, e-mail messages, and macros by using cryptographic algorithms. (Authenticate: the process of verifying that people and products are who and what they claim to be. For example, confirming the source and integrity of a software publisher's code by verifying the digital signature used to sign the code.)

    Digital signatures are based on digital certificates. Digital certificates are verifiers of identity issued by a trusted third party, called a certification authority or CA. This works similarly to the use of standard identity documents in the non-electronic world. For example, a trusted third party such as a government entity or employer issues identity documents such as driver's licenses, passports and employee ID cards on which others rely to verify that a person is who he or she claims to be.

    Digital certificates can be issued by CAs within an organization, such as a Windows Server 2003 server running Windows Certificate Services, or a public CA such as VeriSign or Thawte.

    What Digital Signatures Accomplish

    Digital signatures help to establish the following authentication measures:

    • Authenticity: The digital signature helps to assure that the signer is who he or she claims to be. This helps prevent others from pretending to be the originator of a particular document (the equivalent of forgery on a printed document).

    • Integrity: The digital signature helps to assure that the content has not been changed or tampered with since it was digitally signed. This helps prevent documents from being intercepted and changed without knowledge of the originator of the document.

    • Non-repudiation: The digital signature helps to prove to all parties the origin of the signed content. "Repudiation" refers to the act of a signer's denying any association with the signed content. This helps prove that the originator of the document is the true originator and not someone else, regardless of the claims of the signer. A signer cannot repudiate the signature on that document without repudiating his or her digital key, and thus other documents signed with that key.

    Requirements for Digital Signatures

    To establish these conditions, the content creator must digitally sign the content by using a signature that satisfies the following criteria:

    • The digital signature is valid. A certification authority that is trusted by the operating system must sign the digital certificate on which the digital signature is based.

    • The certificate associated with the digital signature is not expired.

    • The signing person or organization (known as the publisher) is trusted by the recipient.

    • The certificate associated with the digital signature is issued to the signing publisher by a reputable certification authority (CA).

    Microsoft Office Word 2007, Office Excel 2007 and Office PowerPoint 2007 detect these criteria for you and alert you if there appears to be a problem with the digital signature. Information about problematic certificates is easily viewed in a certificate task pane that appears within the Microsoft 2007 Office System program. Microsoft 2007 Office System applications allow you to add multiple digital signatures to the same document.

    Digital Signatures in the Business Environment

    The following scenario illustrates how digital signing of documents can be used in a business environment:

    1. An employee uses an Excel spreadsheet to create an expense report. The employee then creates three signature lines: one for herself, one for her manager and one for accounting. These lines are used to identify that the employee is the originator of the document, that no changes will take place in the document as it moves to the manager and the accounting division, and that there is proof that both the manager and accounting department have received and reviewed the document.

    2. The manager receives the document and adds her digital signature to the document, confirming that she has reviewed and approved it. She then forwards it to the accounting department for payment.

    3. A representative in the accounting department receives the document and signs it, confirming receipt of the document.

    This example demonstrates the ability to add multiple signatures to a single Microsoft Office document. In addition to the digital signature, the signer of the document can add a graphic of her actual signature, or use a tablet PC to actually write a signature into the signature line in the document. There is also a rubber stamp feature that can be used by departments, indicating that a member of a specific department received the document.

    Compatibility Issues

    2007 Microsoft Office, unlike its predecessors, uses the XMLDSig format for digital signatures. It is important to note that digital signatures are not compatible across Microsoft Office platforms. For example, if a document is signed using Microsoft 2007 Office system and opened in a Microsoft Office 2003 application with the Office Compatibility Pack installed, the user will be informed that the document was signed by a newer version of Microsoft Office and the digital signature will be lost, as seen in figure 1.

    Figure 1: Warning that the digital signature is removed when opened in an earlier version of Office
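The integrity property and the XMLDSig format described above can be observed in the file itself. The following Python sketch is an added example, not code from the original paper or from Microsoft: it assumes Office's usual layout, with signature parts stored as `_xmlsignatures/sig*.xml` inside the .docx/.xlsx/.pptx ZIP package, and recomputes the manifest digests of parts that need no transforms. The sample package and the helper names are constructed for illustration; the signature value and the certificate chain are not validated here.

```python
import base64
import hashlib
import io
import xml.etree.ElementTree as ET
import zipfile

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Digest algorithm identifiers defined by the W3C XMLDSig / XML Encryption specs.
DIGESTS = {
    "http://www.w3.org/2000/09/xmldsig#sha1": hashlib.sha1,
    "http://www.w3.org/2001/04/xmlenc#sha256": hashlib.sha256,
}


def check_manifest(package_bytes):
    """Map each signature part to {package part: status}; status is 'ok',
    'MODIFIED', 'MISSING' or 'skipped' (transforms or unknown digest, which
    this sketch does not evaluate). An unsigned package yields {}."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        names = set(pkg.namelist())
        sig_parts = sorted(n for n in names if n.startswith("_xmlsignatures/sig"))
        for sig_name in sig_parts:
            # For untrusted files, use a hardened XML parser instead.
            root = ET.fromstring(pkg.read(sig_name))
            statuses = {}
            for ref in root.iter(DS + "Reference"):
                uri = ref.get("URI", "")
                if not uri.startswith("/"):
                    continue  # same-document reference such as "#idPackageObject"
                part = uri.split("?", 1)[0].lstrip("/")
                method = ref.find(DS + "DigestMethod")
                algo = DIGESTS.get(method.get("Algorithm")) if method is not None else None
                if algo is None or ref.find(DS + "Transforms") is not None:
                    statuses[part] = "skipped"
                elif part not in names:
                    statuses[part] = "MISSING"
                else:
                    expected = ref.findtext(DS + "DigestValue", "").strip()
                    actual = base64.b64encode(algo(pkg.read(part)).digest()).decode()
                    statuses[part] = "ok" if actual == expected else "MODIFIED"
            results[sig_name] = statuses
    return results


def build_sample(current_body, signed_body):
    """Constructed miniature package (not a real Office file): one document part
    and one signature part whose manifest holds the SHA-256 of signed_body."""
    digest = base64.b64encode(hashlib.sha256(signed_body).digest()).decode()
    sig = f"""<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo><Reference URI="#idPackageObject"/></SignedInfo>
  <Object Id="idPackageObject"><Manifest>
    <Reference URI="/word/document.xml?ContentType=application/xml">
      <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <DigestValue>{digest}</DigestValue>
    </Reference>
  </Manifest></Object>
</Signature>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("word/document.xml", current_body)
        pkg.writestr("_xmlsignatures/sig1.xml", sig)
    return buf.getvalue()


if __name__ == "__main__":
    signed, edited = b"<doc>Total: 120.00</doc>", b"<doc>Total: 920.00</doc>"
    for body in (signed, edited):  # untouched, then edited after signing
        print(check_manifest(build_sample(body, signed)))
```

A 'MODIFIED' status means the part no longer matches the digest recorded at signing time, so the signature can no longer validate.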


    Figure 2: Office dialog box providing information about digital signatures

    3. A Microsoft Office dialog box appears informing you that before you can add a signature, you have to save the document in a format that supports digital signatures. You can save the file in the new Office formats (.docx, .xlsx and .pptx) or the old ones (.doc, .xls and .ppt). Click Yes and the document will be saved in the format you've set as the default for the Office application.

    Figure 3: Office dialog box providing information about document type required for signing

    4. In the Save As dialog box, select a location to save the document and give the document a name. Make sure that you save the document in the .doc or .docx format. Click Save.


    Figure 4: Selecting a location to save the document

    5. In the Sign dialog box, you can enter a reason for signing the document in the Purpose for signing this document text box. You can also leave this field blank if you want. Note that there is a default user entered in the Signing as section. You can change the signer of the document by clicking the Change button.

    Figure 5: Providing a reason for the digital signature


    6. The Select Certificate dialog box appears after clicking the Change button in the Sign dialog box. If you have multiple user certificates, you can select one from this box. This is most useful when you are using a shared computer. Before selecting one, you can view details about the certificates, including issuer, expiration dates, the certificate path and whether the certificate is trusted.

    7. Click Cancel, then click Sign in the Sign dialog box.

    Figure 6: Option for selecting an alternate certificate

    8. The Signature Confirmation dialog box appears, informing you that the signature was saved with the document and that if the document is changed, the signature will become invalid. Click OK to dismiss the dialog box.

    Figure 7: Confirming that the document was signed

    9. A Signatures task pane appears on the right side of the application window. In this example there appears to be a problem with the signature, as indicated by the Certificate issues warning icon.


    Figure 8: The Signatures task pane informs about certificate issues

    10. Click on the problematic signature and then click the pull down arrow. Click Signature details to discover the problem with the signature.

    Figure 9: Investigating problems with the digital certificate

    11. In the Signature Details dialog box, there is information indicating that the problem with the signature is that it is not trusted. The signature in this example is based on a self-signed certificate created by Microsoft 2007 Office system. This type of certificate would typically be used in small and medium sized businesses that do not have a public key infrastructure (PKI) in place. In the enterprise environment where there is an established PKI, this problem would indicate that the machine this document is being read on does not trust the CA that signed the user's digital certificate. In this example, we can choose to trust the user's certificate by clicking the Click here to trust this user's identity.


    Figure 10: Assessing issues with a digital certificate

    12. After clicking Click here to trust this user's identity, the Signature Details dialog box indicates that the signature is valid. If you wish, you can see additional signing information by clicking the See the additional signing information that was collected link.

    Figure 11: Verifying the valid signature

    13. In the Additional Information dialog box, you can see information about what the signature signs, the system date/time, the version of Windows, the version of Microsoft Office, the version of the Office application signing the document, the number of monitors on the machine, and the resolution of the primary monitor. Click OK to dismiss this dialog box and then click Close in the Signature Details dialog box.


    Figure 12: Viewing additional information about the signed document

    14. If there are no problems with the certificate, the certificate task pane will not appear. However, if you want to view details of the signers and their certificates, you can click the red ribbon icon in the status bar of the Office application. This will enable the Signatures task pane.

    Figure 13: Digital signature indicator and enabling the Signature task pane

    Add a Signature Line

    Another way to add a digital signature to a document is to add one or more digital signature lines. The following procedures describe how to create a digital signature line:

    1. Click the Insert tab and then click the Signature Line button. The Signature Setup dialog box appears. Enter information about the Suggested signer, Suggested signer's title, and Suggested signer's e-mail address. Put a checkmark in the Allow the signer to add comments to the Sign dialog if you want the signer to add additional information into the signature line, and put a checkmark in the Show sign date in signature line checkbox to add the date the document was signed in the text box. Click OK.


    Figure 14: Signature setup

    2. A digital signature line now appears in the document. Double click the signature line to provide more information.

    Figure 15: The digital signature line

    3. In the Sign dialog box you can type your name or, if you have a tablet PC, you can write your name into the text box. If you don't have a tablet PC, but would like an image of your actual signature to be included in the signature line, you can click the Select Image link and insert a graphic file containing your handwritten signature. In this example we will click the Select Image link to insert a graphic of an actual signature.


    Figure 16: Inserting the digital signature

    4. In the Select Signature Image dialog box, select the image of your signature and click the Select button.

    Figure 17: Selecting the digital signature graphic


    5. The image appears in the Sign dialog box. Before signing the document, you can enter a reason for signing the document in the Purpose for signing this document text box. Click Sign to digitally sign the document.

    Figure 18: Entering the purpose for digitally signing the document

    6. The Signature Confirmation dialog box appears informing you that the digital signature has been applied to the document.

    Figure 19: Confirming the digital certificate was applied

    7. Note in this example that there appears an Invalid signature warning in the signature line box. Click Invalid signature to investigate reasons why the signature is invalid.


    Figure 20: Warning that the signature may not be valid

    8. In the Signature Details dialog box you will see that the certificate is not trusted. You can choose to trust the certificate by clicking the Click here to trust this user's identity link.

    Figure 21: Trusting the digital identity

    9. After choosing to trust the signature, the Signature Details dialog box will confirm that the signature is valid. Click Close.

    Figure 22: Signature details confirms that the signature is trusted


    10. The signature line no longer shows a problem with the certificate and the date the document was signed now appears above the signature line.

    Figure 23: Signature line now reflects a trusted digital identity


    Digital Certificates

    In the above examples we used self-signed certificates. These are certificates that are created by the Microsoft 2007 Office system and can be used to digitally sign and encrypt Microsoft 2007 Office system documents. Self-signed certificates are typically used by individuals and small businesses who do not wish to set up a public key infrastructure for their organizations and do not want to purchase a commercial certificate.

    The primary drawback of using self-signed certificates is that they are only useful if you exchange documents with those who know you personally and are confident that you are the actual originator of the document. With self-signed certificates, there is no third party that validates the authenticity of your certificate. Each person that receives your signed document will need to decide on her own whether or not to trust your certificate.

    Larger organizations have two other options that scale much better than self-signed certificates. These are:

    • Certificates created by a corporate public key infrastructure (PKI)

    • Commercial certificates

    Organizations have the option to create their own PKI. In this scenario, the company sets up one or more certification authorities which can create digital certificates for machines and users throughout the company. When combined with Microsoft Active Directory, a company can create a complete PKI solution so that all corporate managed machines have the corporate certificate authority chain installed and both users and machines are automatically assigned digital certificates for document signing and encryption. For more information on using a Microsoft PKI, please see the Public Key Infrastructure for Windows Server 2003 page at

    http://www.microsoft.com/windowsserver2003/technologies/pki/default.mspx

    Another option is to use commercial certificates. A commercial certificate is one that is purchased from a company whose line of business is to sell digital certificates. The main advantage of using commercial certificates is that the commercial certificate vendor's root CA certificate is automatically installed on Windows operating systems, which enables these machines to automatically trust these certificate authorities. Unlike the corporate PKI solution, commercial certificates enable you to share your signed documents with users who do not belong to your organization.

    There are three types of commercial certificates:

    • Class 1: Class 1 Certificates are issued to Individuals with valid e-mail addresses. Class 1 Certificates are appropriate for Digital Signatures, encryption, and electronic access control for non-commercial transactions where proof of identity is not required.

    • Class 2: Class 2 Individual Certificates are appropriate for Digital Signatures, encryption, and electronic access control in transactions where proof of identity based on information in the Validating database is sufficient. Class 2 Device Certificates are appropriate for device authentication; message, software, and content integrity; and confidentiality encryption.

    • Class 3: Class 3 Certificates are issued to Individuals, Organizations, Servers, Devices, and Administrators for CAs and RAs. Class 3 Individual Certificates are appropriate for Digital Signatures, encryption, and access control in transactions requiring a high assurance about the subscriber's identity. Class 3 Server Certificates are appropriate for server authentication; message, software, and content integrity; and confidentiality encryption.

    For more information on commercial certificates, please visit the Microsoft Office Marketplace at http://office.microsoft.com/en-us/marketplace/EY010504841033.aspx

    Companies that are interested in signing documents that are only shared among other employees in the organization will prefer a corporate PKI to reduce costs. For companies that wish to share signed documents with people outside their organization, a commercial certificate may fit their needs best.
