VbaProject.Sign throws NotImplementedException when using X509Certificate2

Signing a VbaProject only works when the DigitalSignature is created from certificate bytes and password.
When a DigitalSignature is created from an existing X509Certificate2 then Sign throws a NotImplementedException.
I want to resign a VbaProject with a certificate from the windows certificate store (last code example).

This does work:

var digitalSignature = new DigitalSignature(File.ReadAllBytes("signing.p12"), "1234", "Signing Digital Signature using Aspose.Cells", DateTime.UtcNow);
workbook.VbaProject.Sign(digitalSignature);

This does not work:

var cert = new X509Certificate2(File.ReadAllBytes("signing.p12"), "1234");
var digitalSignature = new DigitalSignature(cert, "Signing Digital Signature using Aspose.Cells", DateTime.UtcNow);
workbook.VbaProject.Sign(digitalSignature);

This does not work:

using var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
var certs = store.Certificates.Find(X509FindType.FindByThumbprint, "1234", false);
var cert = certs[0];
var digitalSignature = new DigitalSignature(cert, "Signing Digital Signature using Aspose.Cells", DateTime.UtcNow);
workbook.VbaProject.Sign(digitalSignature);

@kaiwachter,

Which version of Aspose.Cells for .NET you are using? Please try our latest version/fix. I tested your scenario/case using our latest version/fix: Aspose.Cells for .NET v22.6.1 (Download | NuGet), it works fine and as expected. I used the following sample code with a certificate file.
e.g.
Sample code:

            Workbook workbook = new Workbook();

            var certificate = File.ReadAllBytes("e:\\test2\\digitalsig\\cert1.pfx");
            var password = "1q2w3e4r5t";

            var cert = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate, password);
            var digitalSignature = new Aspose.Cells.DigitalSignatures.DigitalSignature(cert, "Signing Digital Signature using Aspose.Cells", DateTime.UtcNow);
            workbook.VbaProject.Sign(digitalSignature); 

I am using the latest 22.6.1 version on NET 6:

 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
     <TargetFramework>net6.0</TargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
   </PropertyGroup>
 
   <ItemGroup>
     <PackageReference Include="Aspose.Cells" Version="22.6.1" />
   </ItemGroup>
 
 </Project>

@kaiwachter,

Could you please share a standalone sample (.NET6) project (source code without compilation errors) with certificate or other resource files, zip the project to reproduce the issue on our end. We will check it soon.

Here is a sample project ConsoleApp14.zip (4.1 KB) toggle the comments of the two DigitalSignature instantiations.

It includes a certificate which is compatible with the new V3 signature for VBA projects.

Regarding the V3 signature, I currently get this warning: image.png (25.0 KB)

Which says: “Warning: The digital signature was manipulated after signing the content. You should not trust this content.”

Would be nice if this can be fixed too.

https://support.microsoft.com/en-us/topic/upgrade-signed-office-vba-macro-projects-to-v3-signature-kb5000676-2b8b3cae-ad64-4b4b-aa85-c4a98ca6da87

@kaiwachter,

Thanks for the sample project and certificate file.

I have logged a ticket with an id " CELLSNETCORE-397" for your issue. We will look into it soon. By the way, when I use your sample code with your certificate file in a common .NET (e.g., 4.0) project, it works fine.

Once we have an update on it, we will let you know.

@kaiwachter

Using an existing X509Certificate2 instance to sign VBA project is not supported in .NetStandard/.NetCore. It maybe refer to a package System.Security.Cryptography.Pkcs.

The DigitalSignature created from certificate bytes and password is suggested.

Please try to export the cert to bytes first:

var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly);
var certs = store.Certificates.Find(X509FindType.FindByThumbprint, "1234", false);
var cert = certs[0];
//export cert to bytes first, then create DigitalSignature from bytes and password
var digitalSignature = new DigitalSignature(cert.Export(X509ContentType.Pkcs12, "1234"), "1234", "Signing Digital Signature using Aspose.Cells", DateTime.UtcNow);
workbook.VbaProject.Sign(digitalSignature);

The only limitation is that the cert must be marked as Exportable when the cert is imported, otherwise the exception Key not valid for use in specified state. will be thrown.

Please try it on your side, and let us know your feedback.

We can see the issue, and a separate ticket CELLSNETCORE-398 is logged. If we have some progress, we will notify you.

Hi @kaiwachter
We’re evaluating and testing for System.Security.Cryptography.Pkcs.

If we have some progress, we will notify you.

@kaiwachter,

We are pleased to inform you that the issue is resolved now. The fix will be included in Aspose.Cells v22.7, which will be released in the next few days. Please note, in Aspose.Cells v22.7, you would need to add the following nuget packages to your project reference:
“System.Text.Encoding.CodePages” version=“4.7.0”
“System.Drawing.Common” version=“4.7.0”
“System.Security.Cryptography.Pkcs” version=“6.0.1”

You will also be notified once the new version is released.

Hi @kaiwachter
Please get Aspose.Cells 22.7 to fix this issue. You may get it from nuget.

@kaiwachter

Please add a newline \n at the end of module codes in your code, the vba signature will be OK/validated.
So, change the code line from
workbook.VbaProject.Modules[i].Codes = "Sub test()\nEnd Sub";
to
workbook.VbaProject.Modules[i].Codes = "Sub test()\nEnd Sub\n";

Please let me know whether it is OK on your side.

A thanks, I didn’t know that. Yes, that works for us!

@kaiwachter,

Thanks for your feedback.

Good to know that the suggested line of code works for your needs. Feel free to write us back if you have further queries or comments.