|08 Dec 2009||#1|
Digital Signitures in Office 2010
Hello, my name is Shelley Gu and I am a Program Manager on the Trustworthy Computing Security team. Iíd like to introduce some new features we have added to digital signatures in Office 2010. First Iíll briefly explain what digital signatures are and how to use them, and then Iíll dive into the details about how they work in Office 2010.
What are digital signatures?
More and more business transactions are being conducted electronically. Consequently, digital signatures are being used increasingly to legally bind relying parties to their transactions. A digital signature is used to verify the identity of the person who signed the document, and confirms that the content was not modified after the digital signature was applied to the document. Digital signatures provide security based in encryption technologies and help mitigate risk associated with electronic business transactions. With improvements to digital signing, Office aims to meet the information security needs of enterprises and public sector entities worldwide.
To create a digital signature, you must have a digital certificate, which proves your identity to relying parties, and should be obtained from a reputable certificate authority (CA). If you do not have a digital certificate, Microsoft has partners that provide digital certificates as well as other advanced signature services that are integrated into Office at the Office Marketplace.
Inserting a digital signature
In Word, Excel and PowerPoint 2010, a digital signature can be added by going to the Office Backstage View:
A signature line or signature stamp can be added in Word, Excel, and InfoPath by going to the Insert Tab:
A signature line looks like this:
A signature stamp (more commonly used in Eastern Asia) looks like this:
How do signatures work in Office?
Office 2007, and later versions, use an open signing standard called XML-DSig that replaces the less advanced binary signatures from Office 2003 and earlier versions. XML-DSig represents a signature in a mostly human-readable XML format. For more information on XML-DSig, see http://www.w3.org/Signature.
Office 2010 digital signatures are able to use advanced algorithms (like the elliptic curve public key algorithm) supported by Windows Vista and later. All supported operating systems also allow the use of more robust hashing algorithms, like SHA-512.
The most immediate problem with digital signatures is that the certificate you use will expire Ė usually in as little as one year. After the certificate has expired, no one should trust the signature. If you want to be able to trust a signature over a longer period, then you must keep copies of the information needed to validate the certificate. You might also need to worry about the cryptography becoming obsolete.
Fortunately, a solution to these problems is available in an extension to the XML-DSig standard called XAdES.
What is XAdES?
XAdES (XML Advanced Electronic Signatures) is a set of tiered extensions to XML-DSig, the levels of which build upon the previous to provide more and more reliable digital signatures.
By implementing XAdES, Office complies with the European Union Advanced Electronic Signature Criteria in Directive 1999/93/EC as well as a new Brazilian government directive which defines XAdES as the accepted standard for digital signing in Brazil.
Office 2010 can create different levels of XAdES signatures on top of XML-DSig signatures:
The Office 2010 Beta only creates up to and including XAdES-T signatures, but Office 2010 RTM will be able to create all the signatures in the above table.
Time stamping and XAdES-T signatures
Time stamping digital signatures (XAdES-T signatures) is an important scenario we focused on in Office 2010. In order to create a time stamped signature, youíll need to:
Creating XAdES signatures in Office 2010 RTM
By default, Office 2010 creates XAdES-EPES signatures. Registry settings are used to specify the level of signatures to create. There are two registry settings to control the type of signature Office creates, XAdESLevel and MinXAdESLevel.
The MinXAdESLevel setting allows you to ensure that created signatures meet your required XAdES level. A XAdES-T or higher signature will fail if the timestamp server isnít available, and a XAdES-C or higher signature will fail if revocation information isnít available. Having a minimum setting allows scenarios where you could attempt a XAdES-X-L signature, but fall back to XAdES-EPES if the timestamp server is down.
To create XAdES-T signatures and above you will need to provide Office with a time stamp server to query for time stamps:
Recommendations for XAdES signatures
If you want to create XAdES signatures, we recommend using one of three levels:
Sam wants to create XAdES-X-L signatures. If this is not possible, he is willing to accept any signature that is at least a XAdES-T signature. He sets:
Creating XAdES Signatures in Office 2010 Beta
As mentioned previously, Office 2010 Beta is only able to create up to XAdES-T signatures because we added the rest of the XAdES work in after the Beta. The XAdESLevel registry setting we explained above still applies, but the maximum level is 2 (XAdES-T). TheMinXAdESLevel setting isnít present, but you can only create two types of XAdES signatures Ė with and without a timestamp, which is controlled by the TimestampRequired setting (which isnít present in the RTM version).
To create a XAdES-T signature, you will additionally need to set TimestampRequired (below) and TSALocation (see explanation above):
The XAdES feature is one of many security enhancements we have made to Office 2010. Thanks for reading, and we look forward to hearing your feedback!
|My System Specs|
|Similar help and support threads|
Find Office 2010 Updates, When Office 2010 Isn't Installed?
I don't know if maybe I'm the only one who runs into this problem or if it happens to a lot of people, but it seems to come up a lot for me. I have had this issue on many computers but right now I am setting up an old Dell Latitude E5510 for an employee and I have reformatted, installed all...
Office 2010 Office File Type Descriptions & Icons Incorrect
Okay, I've never posted on anything like this before so bear with me please. I've got an issue and it's driving me nuts because I can't resolve it. I'll try and give a description of what I did. Any help would be greatly appreciated! I purchased a new Dell computer (Windows 7 Home Premium...
Microsoft Office 2010/ Replace Office 2010
:DI have Windows 7 Home Premium 64 and Microsoft Office 2007 Small Business. I will be receiving Office 2010 Professional Plus. Do I have to uninstall Office 2007 Small Business or can I install Office 2010 over it. What is the best way to handle the upgrade. I have a lot of files on word and...
Office 2010(Win7, 64bit) won't open Office 2007(WinXPr3 32 bit) files
Just bought a new laptop with Windows7 64bit installed-my first exposure to Windows7. I had Office 2007 installed on my old Dell 32 bit machine. I had also recently pruchased Office 2010 and installed that on my new machine. Now, when I try to open those 32bit 2007 files with 64bt 2011, Iget...
File Validation from Office 2010 to Office 2003 and Office 2007
File Validation from Office 2010 to Office 2003 and Office 2007 - Softpedia
Office 2010 Pro Plus Win7 x 64 Excel reconfigures Office 2010
It seems that there may be a problem in Office 2010. I just installed it to the standard MS default/recommended settings .........all looked good...used Word great..until I use Excel and each time I try to use excel it sets off an 'Office Configuration' screen which I can not stop..it take a few...
© Designer Media Ltd
All times are GMT -5. The time now is 14:36.