Office Documents Signing
8/14/2019
Digital Signing of Microsoft 2007 Office System Documents
August 2007
Table of Contents
Introduction
What is a Digital Signature?
  What Digital Signatures Accomplish
  Requirements for Digital Signatures
  Digital Signatures in the Business Environment
  Compatibility Issues
Using Digital Signatures
  Transparent or Invisible Digital Signatures
  How to Add an Invisible Signature
  Add a Signature Line
Digital Certificates
Summary
www.microsoft.com/office
Introduction
2007 Microsoft Office is a complete suite of productivity and database software that will
help you save time and stay organized. Powerful contact management features help you
manage customer and prospect information in one place. You can develop professional
marketing materials for print, e-mail, and the Web, and produce effective marketing
campaigns in-house. You can create dynamic business documents, spreadsheets, and
presentations, and build databases with little experience or technical staff.
You will learn new features rapidly using the new Microsoft Office Fluent user interface that presents the right tools when you need them. New task-based menus and
toolbars automatically display the commands and options you can use, making it faster
and easier to find the software features you need. And the new Live Preview feature
makes it easy to sample your changes before you apply them. The new tools help you
work faster and create more professional documents, spreadsheets, and presentations.
These tools help you quickly accomplish routine tasks so you can spend more time with
your customers and building your business. But in today's business world, getting the
work done quickly and accurately is not enough. It's also important to protect your
Microsoft 2007 Office system documents against unauthorized access and tampering.
In addition to the robust productivity enhancements included with the Microsoft 2007
Office system are new security advances. The Microsoft 2007 Office system was built with
security in mind, using Microsoft's new Security Development Lifecycle approach for
software development which provides a comprehensive framework of design, production,
and testing methods and tools to ensure that software meets and exceeds current and
anticipated security demands. The Microsoft 2007 Office system represents the most
secure version of Office yet.
Security encompasses many factors, and Microsoft uses a number of technologies to help
secure your Office documents. Digital document signing is one of the ways you can help
protect information in your Microsoft 2007 Office system documents. When you sign a
document, you confirm that you are the originator of the document and that you vouch
for the contents of the document. If the document is changed in any way, the digital
signature is invalidated. Digital signatures on Microsoft 2007 Office system documents
What is a Digital Signature?
You can digitally sign a document for many of the same reasons you might place a
handwritten signature on a paper document. A digital signature is used to help
authenticate the identity of the creator of digital information such as documents,
e-mail messages, and macros by using cryptographic algorithms. (Authenticate: the
process of verifying that people and products are who and what they claim to be. For
example, confirming the source and integrity of a software publisher's code by
verifying the digital signature used to sign the code.)
Digital signatures are based on digital certificates. Digital certificates are verifiers of
identity issued by a trusted third party, called a certification authority or CA. This works
similarly to the use of standard identity documents in the non-electronic world. For
example, a trusted third party such as a government entity or employer issues identity
documents such as driver's licenses, passports and employee ID cards on which others
rely to verify that a person is who he or she claims to be.
Digital certificates can be issued by CAs within an organization, such as a Windows
Server 2003 server running Windows Certificate Services, or a public CA such as VeriSign
or Thawte.
What Digital Signatures Accomplish
Digital signatures help to establish the following authentication measures:
- Authenticity: The digital signature helps to assure that the signer is who he or she claims to be. This helps prevent others from pretending to be the originator of a particular document (the equivalent of forgery on a printed document).
- Integrity: The digital signature helps to assure that the content has not been changed or tampered with since it was digitally signed. This helps prevent documents from being intercepted and changed without knowledge of the originator of the document.
- Non-repudiation: The digital signature helps to prove to all parties the origin of the signed content. "Repudiation" refers to the act of a signer's denying any association with the signed content. This helps prove that the originator of the document is the true originator and not someone else, regardless of the claims of the signer. A signer cannot repudiate the signature on that document without repudiating his or her digital key, and thus other documents signed with that key.
Requirements for Digital Signatures
To establish these conditions, the content creator must digitally sign the content by using
a signature that satisfies the following criteria:
- The digital signature is valid. A certification authority that is trusted by the operating system must sign the digital certificate on which the digital signature is based.
- The certificate associated with the digital signature is not expired.
- The signing person or organization (known as the publisher) is trusted by the recipient.
- The certificate associated with the digital signature is issued to the signing publisher by a reputable certification authority (CA).
Microsoft Office Word 2007, Office Excel 2007 and Office PowerPoint 2007 detect these
criteria for you and alert you if there appears to be a problem with the digital signature.
Information about problematic certificates is easily viewed in a certificate task pane that
appears within the Microsoft 2007 Office System program. Microsoft 2007 Office System applications allow you to add multiple digital signatures to the same document.
Digital Signatures in the Business Environment
The following scenario illustrates how digital signing of documents can be used in a
business environment:
1. An employee uses an Excel spreadsheet to create an expense report. The employee
then creates three signature lines: one for herself, one for her manager and one for
accounting. These lines are used to identify that the employee is the originator of the
document, that no changes will take place in the document as it moves to the
manager and the accounting division, and that there is proof that both the manager
and accounting department have received and reviewed the document.
2. The manager receives the document and adds her digital signature to the document,
confirming that she has reviewed and approved it. She then forwards it to the
accounting department for payment.
3. A representative in the accounting department receives the document and signs it, confirming receipt of the document.
This example demonstrates the ability to add multiple signatures to a single Microsoft
Office document. In addition to the digital signature, the signer of the document can add
a graphic of her actual signature, or use a tablet PC to actually write a signature into the
signature line in the document. There is also a rubber stamp feature that can be used
by departments, indicating that a member of a specific department received the
document.
Compatibility Issues
2007 Microsoft Office, unlike its predecessors, uses the XMLDSig format for digital
signatures. It is important to note that digital signatures are not compatible across
Microsoft Office platforms. For example, if a document is signed using Microsoft 2007
Office system and opened in a Microsoft Office 2003 application with the Office
Compatibility Pack installed, the user will be informed that the document was signed by a
newer version of Microsoft Office and the digital signature will be lost, as seen in figure 1.
Figure 1: Warning that the digital signature is moved when opened in an earlier version of Office
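Because the 2007 signatures are XMLDSig, the integrity property can be checked outside of Office: the signature part lists a digest for each signed package part. The following is an added example, not code from the original whitepaper. The `_xmlsignatures/` part location and the Manifest/Reference layout are assumptions taken from the Open Packaging Conventions rather than from this page, the sample package is constructed, and the check covers only the per-part digests, not the signature value or certificate trust.

```python
import base64
import hashlib
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer a hardened parser such as defusedxml

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# XMLDSig digest algorithm URIs mapped to hashlib names.
DIGESTS = {
    "http://www.w3.org/2000/09/xmldsig#sha1": "sha1",
    "http://www.w3.org/2001/04/xmlenc#sha256": "sha256",
}


def check_part_digests(package_bytes):
    """Recompute the digest of every package part listed in a signature manifest."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        names = set(pkg.namelist())
        for sig in sorted(n for n in names
                          if n.startswith("_xmlsignatures/") and n.endswith(".xml")):
            root = ET.fromstring(pkg.read(sig))
            for ref in root.iter(DS + "Reference"):
                uri = ref.get("URI", "")
                if not uri.startswith("/"):
                    continue  # same-document reference such as #idPackageObject
                part = uri.split("?", 1)[0].lstrip("/")
                method = ref.find(DS + "DigestMethod")
                algo = DIGESTS.get(method.get("Algorithm")) if method is not None else None
                if ref.find(DS + "Transforms") is not None:
                    results[part] = "skipped: transform not handled here"
                elif algo is None:
                    results[part] = "skipped: unsupported digest algorithm"
                elif part not in names:
                    results[part] = "MISSING"
                else:
                    expected = base64.b64decode(ref.findtext(DS + "DigestValue", ""))
                    actual = hashlib.new(algo, pkg.read(part)).digest()
                    results[part] = "ok" if actual == expected else "MISMATCH"
    return results


def build_sample(stored_xml, signed_xml=None):
    """Constructed sample: a minimal package whose manifest digests signed_xml."""
    signed_xml = stored_xml if signed_xml is None else signed_xml
    digest = base64.b64encode(hashlib.sha1(signed_xml).digest()).decode()
    sig = (
        '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">'
        '<Object Id="idPackageObject"><Manifest>'
        '<Reference URI="/word/document.xml?ContentType=application/xml">'
        '<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>'
        f'<DigestValue>{digest}</DigestValue>'
        '</Reference></Manifest></Object></Signature>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", stored_xml)
        z.writestr("_xmlsignatures/sig1.xml", sig)
    return buf.getvalue()


if __name__ == "__main__":
    original = b"<doc>Expense total: 100</doc>"   # constructed content
    tampered = b"<doc>Expense total: 900</doc>"   # edited after signing
    print(check_part_digests(build_sample(original)))
    print(check_part_digests(build_sample(tampered, signed_xml=original)))
```

A part reported as MISMATCH or MISSING is the package-level reason Office marks the signature invalid after an edit.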
Figure 2: Office dialog box providing information about digital signatures
3. A Microsoft Office dialog box appears informing you that before you can add a
signature, you have to save the document in a format that supports digital
signatures. You can save the file in the new Office formats (.docx, .xlsx and .pptx) or
the old ones (.doc, .xls and .ppt). Click Yes and the document will be saved in the
format you've set as the default for the Office application.
Figure 3: Office dialog box providing information about document type required for signing
4. In the Save As dialog box, select a location to save the document and give the
document a name. Make sure that you save the document in the .doc or .docx
format. Click Save.
Figure 4: Selecting a location to save the document
5. In the Sign dialog box, you can enter a reason for signing the document in the
Purpose for signing this document text box. You can also leave this field blank if
you want. Note that there is a default user entered in the Signing as section. You
can change the signer of the document by clicking the Change button.
Figure 5: Providing a reason for the digital signature
6. The Select Certificate dialog box appears after clicking the Change button in the Sign dialog box. If you have multiple user certificates, you can select one from this
box. This is most useful when you are using a shared computer. Before selecting one,
you can view details about the certificates, including issuer, expiration dates, the
certificate path and whether the certificate is trusted.
7. Click Cancel, then click Sign in the Sign dialog box.
Figure 6: Option for selecting an alternate certificate
8. The Signature Confirmation dialog box appears, informing you that the signature
was saved with the document and that if the document is changed, the signature will become invalid. Click OK to dismiss the dialog box.
Figure 7: Confirming that the document was signed
9. A Signatures task pane appears on the right side of the application window. In this
example there appears to be a problem with the signature, as indicated by the Certificate issues warning icon.
Figure 8: The Signatures task pane informs about certificate issues
10. Click on the problematic signature and then click the pull down arrow. Click
Signature details to discover the problem with the signature.
Figure 9: Investigating problems with the digital certificate
11. In the Signature Details dialog box, there is information indicating that the problem
with the signature is that it is not trusted. The signature used in this example is a
self-signed certificate created by Microsoft 2007 Office system. This type of certificate
would typically be used in small and medium sized businesses that do not have a
public key infrastructure (PKI) in place. In the enterprise environment where there is
an established PKI, this problem would indicate that the machine this document is
being read on does not trust the CA that signed the user's digital certificate. In this
example, we can choose to trust the user's certificate by clicking the Click here to
trust this user's identity link.
Figure 10: Assessing issues with a digital certificate
12. After clicking Click here to trust this user's identity, the Signature Details dialog box indicates that the signature is valid. If you wish, you can see additional signing
information by clicking the See the additional signing information that was
collected link.
Figure 11: Verifying the valid signature
13. In the Additional Information dialog box, you can see information about what the
signature signs, the system date/time, the version of Windows, the version of
Microsoft Office, the version of the Office application signing the document, the
number of monitors on the machine, and the resolution of the primary monitor. Click
OK to dismiss this dialog box and then click Close in the Signature Details dialog
box.
Figure 12: Viewing additional information about the signed document
14. If there are no problems with the certificate, the certificate task pane will not appear.
However, if you want to view details of the signers and their certificates, you can click
the red ribbon icon in the status bar of the Office application. This will enable the
Signatures task pane.
Figure 13: Digital signature indicator and enabling the Signature task pane
Add a Signature Line
Another way to add a digital signature to a document is to add one or more digital
signature lines. The following procedures describe how to create a digital signature line:
1. Click the Insert tab and then click the Signature Line button. The Signature Setup
dialog box appears. Enter information about the Suggested signer, Suggested
signer's title, and Suggested signer's e-mail address. Put a checkmark in the
Allow the signer to add comments to the Sign dialog checkbox if you want the signer to
add additional information into the signature line, and put a checkmark in the Show
sign date in signature line checkbox to add the date the document was signed in the text box. Click OK.
Figure 14: Signature setup
2. A digital signature line now appears in the document. Double click the signature line
to provide more information.
Figure 15: The digital signature line
3. In the Sign dialog box you can type your name or, if you have a tablet PC, you can write your name into the text box. If you don't have a tablet PC, but would like an
image of your actual signature to be included in the signature line, you can click the
Select Image link and insert a graphic file containing your handwritten signature. In
this example we will click the Select Image link to insert a graphic of an actual
signature.
Figure 16: Inserting the digital signature
4. In the Select Signature Image dialog box, select the image of your signature and
click the Select button.
Figure 17: Selecting the digital signature graphic
5. The image appears in the Sign dialog box. Before signing the document, you can enter a reason for signing the document in the Purpose for signing this document
text box. Click Sign to digitally sign the document.
Figure 18: Entering the purpose for digitally signing the document
6. The Signature Confirmation dialog box appears informing you that the digital
signature has been applied to the document.
Figure 19: Confirming the digital certificate was applied
7. Note in this example that an Invalid signature warning appears in the
signature line box. Click Invalid signature to investigate reasons why the signature
is invalid.
Figure 20: Warning that the signature may not be valid
8. In the Signature Details dialog box you will see that the certificate is not trusted.
You can choose to trust the certificate by clicking the Click here to trust this user's
identity link.
Figure 21: Trusting the digital identity
9. After choosing to trust the signature, the Signature Details dialog box will confirm
that the signature is valid. Click Close .
Figure 22: Signature details confirms that the signature is trusted
10. The signature line no longer shows a problem with the certificate and the date the document was signed now appears above the signature line.
Figure 23: Signature line now reflects a trusted digital identity
Digital Certificates
In the above examples we used self-signed certificates. These are certificates that are
created by the Microsoft 2007 Office system and can be used to digitally sign and
encrypt Microsoft 2007 Office system documents. Self-signed certificates are typically
used by individuals and small businesses who do not wish to set up a public key
infrastructure for their organizations and do not want to purchase a commercial
certificate.
The primary drawback of using self-signed certificates is that they are only useful if you exchange documents with those who know you personally and are confident that you are
the actual originator of the document. With self-signed certificates, there is no third-party
that validates the authenticity of your certificate. Each person that receives your signed
document will need to decide on her own whether or not to trust your certificate.
Larger organizations have two other options that scale much better than self-signed
certificates. These are:
- Certificates created by a corporate public key infrastructure (PKI)
- Commercial certificates
Organizations have the option to create their own PKI. In this scenario, the company sets
up one or more certification authorities which can create digital certificates for machines
and users throughout the company. When combined with Microsoft Active Directory, a
company can create a complete PKI solution so that all corporate managed machines
have the corporate certificate authority chain installed and both users and machines are
automatically assigned digital certificates for document signing and encryption. For more
information on using a Microsoft PKI, please see the Public Key Infrastructure for
Windows Server 2003 page at
http://www.microsoft.com/windowsserver2003/technologies/pki/default.mspx
Another option is to use commercial certificates. A commercial certificate is one that is
purchased from a company whose line of business is to sell digital certificates. The main
advantage of using commercial certificates is that the commercial certificate vendors
root CA certificate (the vendor's own) is automatically installed on Windows operating systems, which
enables these machines to automatically trust these certificate authorities. Unlike the
corporate PKI solution, commercial certificates enable you to share your signed documents with users who do not belong to your organization.
There are three types of commercial certificates:
- Class 1: Class 1 Certificates are issued to Individuals with valid e-mail addresses. Class 1 Certificates are appropriate for Digital Signatures, encryption, and electronic access control for non-commercial transactions where proof of identity is not required.
- Class 2: Class 2 Individual Certificates are appropriate for Digital Signatures, encryption, and electronic access control in transactions where proof of identity based on information in the Validating database is sufficient. Class 2 Device Certificates are appropriate for device authentication; message, software, and content integrity; and confidentiality encryption.
- Class 3: Class 3 Certificates are issued to Individuals, Organizations, Servers, Devices, and Administrators for CAs and RAs. Class 3 Individual Certificates are appropriate for Digital Signatures, encryption, and access control in transactions requiring a high assurance about the subscriber's identity. Class 3 Server Certificates are appropriate for server authentication; message, software, and content integrity; and confidentiality encryption.
For more information on commercial certificates, please visit the Microsoft Office
Marketplace at http://office.microsoft.com/en-us/marketplace/EY010504841033.aspx
Companies that are interested in signing documents that are only shared among other
employees in the organization will prefer a corporate PKI to reduce costs. For companies
that wish to share signed documents with people outside their organization, a commercial
certificate may fit their needs best.