Support signing VBA with newer types of signature

[craigbrown]

As of the latest version of Excel, there are three types of VBA signature: Legacy signature - this is the same signature format that has been supported in Office in past versions. Stored as xl/vbaProjectSignature.bin. Agile signature - supported since Office 2016. Stored as xl/vbaProjectSignatureAgile.bin. V3 signature - supported since 2020.7 (Office 365). Stored as xl/vbaProjectSignatureV3.bin.

They are cumulative - e.g. if you have the V3 file, the Agile and legacy files will also be there.

Currently, EPPlus only writes the legacy signature.

There is a Windows policy setting called "Only trust VBA macros that use V3 signatures", so it's good to have all three in there in case this is enabled. We've also found it's becoming more important to start signing our VBA since Microsoft started blocking macros by default very recently.

Could EPPlus support writing these additional types of signature? Many thanks!

[JanKallman]

We will try to look at this for a future version. I'll add this as an enhancement.

[craigbrown]

Hi, I noticed this was listed in the changelog for v6.1. I've just tested it and it seems to work, so thank you!

However, I did notice that an exception is produced upon saving the package if the workbook didn't already contain VBA when it was opened with EPPlus - i.e. if you create a VBA project via ExcelWorkbook.CreateVBAProject() and then try to add a certificate on top of that. I was just doing this to test it, so this doesn't actually affect us in practice - but thought I'd let you know.

Thanks again!

[JanKallman]

Sorry about that and thanks for reporting it. I will provide a fix shortly.

[JanKallman]

Added in EPPlus 6.1.1