eSigner CKA (Cloud Key Adapter) is a Windows application leveraging the CNG interface (KSP Key Service Provider), enabling tools like certutil.exe and signtool.exe to access the eSigner Cloud Signature Consortium (CSC)-compliant API for enterprise code signing. Functioning as a virtual USB token, it loads code signing certificates into the Windows certificate store.
Requirements
- Purchase an SSL.com code signing Certificate
- Enroll your code signing certificate in eSigner
- Download and install eSigner CKA
Download and install Microsoft Office Subject Interface Packages for Digitally Signing VBA Projects using this link: https://www.microsoft.com/en-us/download/details.aspx?id=56617
Note: Some users may encounter a failure in signing because VBA offers a SHA1 hash of the code to send to eSigner but eSigner requires SHA256 or greater. To resolve this. Microsoft recommends the following:
You can add a DWORD registry key-value V1HashEnhanced to choose another hash algorithm, under HKCU\SOFTWARE\Microsoft\VBA\Security with value-algorithm rules (1 to SHA1, 2 to SHA256, 3 to SHA384, 4 to SHA512).
Steps to Sign
Once installed, perform the following steps:
- Open an administrator command prompt and type the following, the path will be where you just installed the files:
regsvr32.exe <complete path to example.dll>
regsvr32.exe <complete path to example.dll>
For more information on how to register OLE controls, visit Microsoft’s website.
If successful, you will see a message: “DIIRegister Server in <complete file path> succeeded.” - Install the following: download.microsoft.com/download/C/6/D/C6D0FD4E-9E53-4897-9B91-836EBA2AACD3/vcredist_x86.exe
- Install eSigner CKA
Run SignTool command to sign macros based on this guide: https://www.ssl.com/how-to/automate-ev-code-signing-with-signtool-or-certutil-esigner/#components-of-the-command-line