XAdES support in Microsoft Office

XML
Since Microsoft Office 2007 adopted the OpenXML format as the standard for documents, spreadsheets and presentations, its digital signing format has also been based on XML, in the form known as XMLDsig.

The Office 2010 suite supports the advanced signature standard for XML called XAdES and a range of more complex digest algorithms such as SHA-256 and SHA-512.
However, the default option remains basic compliance with XMLDsig, which has many drawbacks with respect to long-term verification, certificate injection, etc.

To set the security settings manually, open the registry editor and navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Signatures

Create a DWORD entry:
XAdESLevel
The values can be:
0 - No XAdES
1 - XAdES-EPES
2 - XAdES-T (for digital timestamping)
3 - XAdES-C
4 - XAdES-X
5 - XAdES-X-L

Create a DWORD entry:
MinXAdESLevel
The values can be:
0 - No minimum level
1 - Minimum level is XAdES-EPES
2 - Minimum level is XAdES-T
3 - Minimum level is XAdES-C
4 - Minimum level is XAdES-X
5 - Minimum level is XAdES-X-L

Create a String entry:
SignatureHashAlg
The values can be:
sha1
sha256
sha384
sha512

Create a String entry:
TSALocation
The value should be a URL to an RFC 3161 compliant time-stamp authority service.
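
The same four entries can be set from PowerShell instead of the registry editor. This is an added example, not part of the original post: the chosen levels (XAdES-T with SHA-256) are one possible policy, the TSA URL is a placeholder to replace with your own RFC 3161 service, and the consistency checks are assumptions added here.

```powershell
# Added example: write the Office 2010 signature settings for the current user.
# The key path and value names come from the article; the values below are a sample policy.
$key = 'HKCU:\Software\Microsoft\Office\14.0\Common\Signatures'

$settings = [ordered]@{
    XAdESLevel       = @{ Type = 'DWord';  Value = 2 }         # 2 = XAdES-T (timestamped)
    MinXAdESLevel    = @{ Type = 'DWord';  Value = 2 }         # 2 = minimum level is XAdES-T
    SignatureHashAlg = @{ Type = 'String'; Value = 'sha256' }
    TSALocation      = @{ Type = 'String'; Value = 'https://tsa.example.com/rfc3161' }  # placeholder URL
}

# Validate against the value lists in the article before touching the registry.
foreach ($name in 'XAdESLevel', 'MinXAdESLevel') {
    if ($settings[$name].Value -notin 0..5) {
        throw "$name must be between 0 and 5"
    }
}
if ($settings.SignatureHashAlg.Value -notin 'sha1', 'sha256', 'sha384', 'sha512') {
    throw 'SignatureHashAlg must be sha1, sha256, sha384 or sha512'
}

# Assumed consistency check: a timestamped level (2 or higher) needs a usable TSA URL.
$tsa = [uri]$settings.TSALocation.Value
if ($settings.XAdESLevel.Value -ge 2 -and
    (-not $tsa.IsAbsoluteUri -or $tsa.Scheme -notin 'http', 'https')) {
    throw 'TSALocation must be an absolute http(s) URL when XAdESLevel is 2 or higher'
}

# Create the key if Office has not created it yet, then write each entry.
if (-not (Test-Path -Path $key)) {
    New-Item -Path $key -Force | Out-Null
}
foreach ($name in $settings.Keys) {
    New-ItemProperty -Path $key -Name $name `
        -PropertyType $settings[$name].Type `
        -Value $settings[$name].Value -Force | Out-Null
}

# Read the values back to confirm what is now configured.
Get-ItemProperty -Path $key |
    Select-Object XAdESLevel, MinXAdESLevel, SignatureHashAlg, TSALocation
```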

Visit http://www.comsigntrust.com for advanced e-signing solutions.
