Understanding Digital Signatures [Office 2003 SDK Documentation]

A digital signature is an electronic, cryptographic-based, secure stamp of authentication. This signature confirms that a particular component originated from the signer and has not been altered. When you add a digital signature to your components, you are, in effect, telling your users who you are and promising them that the code contained in those components is safe. This can help to provide your users with a measure of security.

Digital signatures are produced by using a digital certificate, which is a digitally signed statement that contains information about you or your organization and your public key, thus binding these two pieces of information together.

The testing section of this SDK shows you how to create a temporary digital certificate for testing purposes. However, in order to digitally sign the code in your smart document solution files for public distribution, you will need to purchase a valid certificate from a certification authority.

A detailed discussion of digital signatures and digital certificates is beyond the scope of this SDK. However, following you will find information about where you can obtain a digital certificate and where you can find additional resources about digital signatures and digital certificates.

Obtaining a digital certificate

Independent software vendors can obtain valid digital certificates from VeriSign, GTE, or another certification authority, which they can use to digitally sign code components that they distribute to the public. For a list of vendors, see Microsoft Root Certificate Program Members.

For more information on digital signatures, how to obtain digital signatures, and how to digitally sign code components, see the following references on the Office Developer Center Web site on MSDN®, the Microsoft Developer Network.

• **Introduction to Code Signing
• Digital Code Signing Step-by-Step Guide.
• Frequently Asked Questions About Authenticode