Article ID: 297142 - Last Review: June 12, 2007 - Revision: 6.2

Description of digital certificates for Visio 2002 and for later versions of Visio

This article was previously published under Q297142

SUMMARY

This article is a general overview of digital certificates and how they relate to digitally signed Visio macros, signed programs, and Microsoft ActiveX controls. This article answers the following questions:
  • What is a digital certificate?
  • What is a signature? Why do we need them?
  • What happens with each security level?
  • How can I get a signature?

MORE INFORMATION

What is a digital certificate?

Digital signatures and certificates of authenticity can be applied to executable programs, ActiveX controls, or Visual Basic for Applications macros. These signatures provide you with the assurance that what you are about to use comes from a reliable source and that it has not been tampered with. Digital certificates help to prevent macro viruses from being introduced into your Visio drawings, your computer, and your local network.

A digital certificate is an identification (ID) that is carried with a file. To validate a signature, a certifying authority validates information about the software developers and then issues them digital certificates. The digital certificate contains information about the person to whom the certificate was issued, as well as information about the certifying authority that issued it. When a digital certificate is used to sign programs, ActiveX controls, and Visual Basic for Applications (VBA) macro projects, this ID is stored with the signed item in a secure and verifiable form so that it can be displayed to a user to establish a trust relationship.

What is a signature? Why do we need them?

Microsoft Visio has introduced digital signatures to help users distinguish legitimate code from undesirable and potentially damaging code. If you open a Visio drawing or template and see a macro security warning with digital signature information, you can feel reasonably confident that the person (or corporation) signing the macros also created them. You can choose to trust all macros signed by this person by clicking to select the Trust all macros from this source check box. From then on, Visio enables the macros without showing a security warning for any documents containing macros signed by this trusted source.

A digital signature is the public certificate plus the value of the signed data encrypted by a private key. The value is a number generated by a cryptographic algorithm for any data that you want to sign. This algorithm makes it nearly impossible to change the data without changing the resulting value. So, by encrypting the value instead of the data, a digital signature allows the end user to verify the data was not changed.
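
The hash-then-sign check described above, as an added example (not code from the original article, and not the Authenticode format itself). It uses textbook RSA without padding over toy keys built from known Mersenne primes; the key sizes, function names, and macro text are assumptions constructed for illustration.

```python
import hashlib


def make_key(p, q, e=65537):
    """Build a toy RSA key pair (public, private) from two primes."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


def digest_value(data, n):
    """The 'value' from the text: a hash of the data, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, private):
    """Signer: transform the hash value (not the data) with the private key."""
    n, d = private
    return pow(digest_value(data, n), d, n)


def verify(data, signature, public):
    """Verifier: recover the signed value with the public key and compare
    it with a fresh hash of the data as received."""
    n, e = public
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_value(data, n)


# Toy keys (assumption: far too small and unpadded for real use).
PUBLISHER_PUBLIC, PUBLISHER_PRIVATE = make_key(2**127 - 1, 2**89 - 1)
OTHER_PUBLIC, _ = make_key(2**107 - 1, 2**61 - 1)

# Constructed sample: a macro as signed, and a copy changed after signing.
MACRO = b'Sub AutoOpen()\n    MsgBox "Hello from the publisher"\nEnd Sub\n'
TAMPERED = MACRO.replace(b"Hello", b"Howdy")
SIGNATURE = sign(MACRO, PUBLISHER_PRIVATE)

if __name__ == "__main__":
    print("original, publisher key:", verify(MACRO, SIGNATURE, PUBLISHER_PUBLIC))
    print("tampered, publisher key:", verify(TAMPERED, SIGNATURE, PUBLISHER_PUBLIC))
    print("original, other key:    ", verify(MACRO, SIGNATURE, OTHER_PUBLIC))
```

Only the unmodified macro checked against the publisher's public key verifies; a changed byte or a different signer's key both fail, which is the property the macro security warning relies on.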

What happens with each security level?

To take advantage of the benefits of digital signatures for macros, Visio introduces security levels similar to other Office products.

Visio 2007

To set the security level in Visio 2007, click Trust Center on the Tools menu. The security levels in Visio 2007 are outlined in the following table.
Setting | Description
Disable all macros without notification | Click this option if you do not trust macros. All macros in documents and security alerts about macros are disabled. If there are documents that have unsigned macros that you do trust, you can put those documents into a trusted location. Documents in trusted locations are allowed to run without being checked by the Trust Center security system.
Disable all macros with notification | This is the default setting. Click this option if you want macros to be disabled, but you want to receive security alerts if there are macros present. Then, you can choose when to enable those macros on a case-by-case basis.
Disable all macros except digitally-signed macros | This setting is the same as the Disable all macros with notification option, except that when the macro is digitally signed by a trusted publisher, the macro can run if you have already trusted the publisher. If you have not trusted the publisher, you are notified. In this manner, you can choose to enable those signed macros or trust the publisher. All unsigned macros are disabled without notification.
Enable all macros (not recommended, potentially dangerous code can run) | Click this option to allow all macros to run. This setting makes your computer vulnerable to potentially malicious code and is not recommended.
Trust access to the VBA project object model | This setting is for developers only.

Visio 2003 and Visio 2002

To set the security level in Visio 2003 and in Visio 2002, point to Macro on the Tools menu, and then click Security. The security levels in Visio 2003 and in Visio 2002 are outlined in the following table.
Setting | Description
Very High | Only macros installed in trusted locations will be allowed to run. All other signed and unsigned macros are disabled.
High | Only signed macros from trusted sources will be allowed to run. Unsigned macros are automatically disabled.
Medium | You can choose whether to run potentially unsafe macros.
Low (Not recommended) | You are not protected from potentially unsafe macros. Use this setting only if you have virus scanning software installed, or you have checked the safety of all documents that you open.

How can I get a signature?

To obtain a digital signature, first, you need to get a digital certificate. One option is to get a fully certified certificate from a certificate authority. Both individuals and commercial entities can obtain a commercially authenticated certificate for their code. To learn about the application process and requirements, see Introduction to Code Signing at the Microsoft Authenticode Web site. A list of Certificate Authorities is provided at the following Microsoft Web site:
http://msdn2.microsoft.com/en-us/library/ms537361.aspx

A Certificate Authority can issue you a digital certificate for code signing for a fee. The Certificate Authority will do an in-depth identification check before issuing a digital certificate for signing code. Be sure to get a digital certificate that can sign code with Microsoft Authenticode (Verisign calls this Class 2 or 3; Thawte calls this Developer Certificates), rather than one that can only sign e-mail. If you try to use a digital certificate that is not authorized to sign code, Visio warns that the digital certificate is not trustworthy.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

APPLIES TO
  • Microsoft Office Visio Professional 2007
  • Microsoft Office Visio Standard 2007
  • Microsoft Office Visio Professional 2003
  • Microsoft Office Visio Standard 2003
  • Microsoft Visio 2002 Professional Edition
  • Microsoft Visio 2002 Standard Edition