SignTool による Excel マクロ署名
SignTool is a command-line tool provided by Microsoft as part of the Windows SDK (Software Development Kit). It is used to digitally sign files, including executable files, libraries (DLLs), drivers, installer packages, and other types of files on the Windows operating system.
Follow these instructions to sign directly using SignTool and securely reference your private key stored in Software Trust Manager. Alternatively, integrate SignTool with Signing Manager Controller (SMCTL) for simplified signing.
ヒント
SignTool does not support all characters in sign commands, review the following:
Supported characters:
@ % ( ) - _ = [ ] { } ;Unsupported characters:
! # $ ^ & + ` '
To avoid errors, remove unsupported characters from file paths before attempting to sign.
Prerequisites
Windows operating system
Subject Interface Package for Microsoft Officeをダウンロードし、インストールします。
ヒント
For Excel macro signing, the 32-bit Office SIPs are required, even on 64-bit Windows systems.
You may install both 64-bit and 32-bit Office SIPs, but the 32-bit version must be present for the steps in this document.
If you install only one version, install the 32-bit Office SIPs.
Download and install Visual C++ 2010
Download and configure Software Trust Manager clients
Keypair alias
Download a copy of your certificate or use the certificate fingerprint
マクロ署名のセットアップ
必要なツールをすべてインストールしたら、管理者モードでコマンドプロンプトを開きます。次に、以下のコマンドを実行します。
The Office SIP installer includes the following DLLs:
msosip.dll
msosipx.dll
These DLLs are installed in the directory you selected during the Office SIP installation.
ヒント
Use the 32-bit versions of msosip.dll and msosipx.dll.
If you installed both 64-bit and 32-bit Office SIPs, ensure the paths below reference the 32-bit installation directory.
To register the Office SIPs with Windows, run:
regsvr32.exe <complete path to msosip.dll>
regsvr32.exe <complete path to msosipx.dll> If successful, you will see the message: DllRegisterServer in <complete file path> succeeded.
マクロに署名する
Excelのマクロに署名するには、C:\Program Files (x86)\Windows Kits\10\bin\<version>\x86 にある SignTooLを使用します。署名するには、コマンドを使用します:
To sign, use the command:
<Path_to_32_bit_signtool.exe> sign /csp "DigiCert Signing Manager KSP" /kc "<keypair alias>" /f certname.crt /v /debug /fd SHA256 macroname.xlsm
ヒント
"DigiCert Signing Manager KSP"must remain exactly as shown and must not be changed."<keypair alias>"must be replaced with the actual alias of your keypair.Signing will fail if the keypair alias does not match an available private key in your Software Trust Manager account.
署名済みファイルを検証する
ファイルを検証するには、以下のコマンドを使用します。
<Path_to_32_bit_Signtool.exe> verify /pa macroname.xlsm
Common errors and solutions for signing excel macro projects with SignTool
"This file format cannot be signed because it is not recognized"
Error
"This file format cannot be signed because it is not recognized"
Cause
Office SIPs are missing, incorrectly registered, or the 64-bit DLLs were used instead of the required 32-bit versions.
Solution
Ensure that the 32-bit Microsoft Office SIPs are installed.
Register the 32-bit versions of the Office SIP DLLs by running the following commands from an Administrator command prompt:
regsvr32.exe <complete path to 32-bit msosip.dll> regsvr32.exe <complete path to 32-bit msosipx.dll>
Retry the signing operation.
"No private key is available"
Error
"No private key is available"
Cause
The keypair alias specified in the SignTool command does not match the keypair alias in your Software Trust Manager account.
Solution
Verify the keypair alias in your Software Trust Manager account.
Update the SignTool command to use the exact matching keypair alias.
Retry the signing operation.