question

RogerEggenberger-6110 avatar image
0 Votes"
RogerEggenberger-6110 asked RogerEggenberger-6110 commented

[MS-OVBA] V3 Signature Documentation?

Hi,

in this blog entry and KB5000676 a new VBA project signature scheme 'V3 signature' is mentioned.

However, it seems not to be documented in the currently available [MS-OVBA] - is there going to be a new version of [MS-OVBA] or is the 'V3 signature' scheme documented somewhere else?

Thanks,
roger


openspecs-office-fileformats
· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi Roger,

Thanks for the question. I'll look into this and get back to you.

Best regards,
Tom Jebo
Sr Escalation Engineer
Microsoft Open Specifications

0 Votes 0 ·

Hi Roger,

Thanks for your patience on this issue. I believe the relevant information for VBA projects would be in [MS-OFFCRYPTO] 2.5:

https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-offcrypto/2770c801-5f0f-4326-89e8-d6ef15b68ef1

However, I don't see any information specific to the V3 signature nor any new updates recently that would be related. I'll do some more digging and get back to you soon with an update.

Tom

0 Votes 0 ·

And the VBA digital signature information is common to Office apps and described in [MS-OSHARED] 2.3.2:

[https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-oshared/f80ee18c-d72f-4c3c-9ea5-a56f396322e0][1]

It should still be in the _signatures stream (for example, in the .dotm file for Word, that's where the VBA project is) and defined by the above structures.
As far as the V3 specific information, I'm still digging that out but should have it shortly.

Tom
[1]: https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-oshared/f80ee18c-d72f-4c3c-9ea5-a56f396322e0

0 Votes 0 ·

Question to you @RogerEggenberger-6110 , which application are you targeting for parsing the VBA project signature? Word, PowerPoint or Excel? PPT and Excel use an OLE property ([MS-OSHARED] 2.3.3.2.2.1 PIDDSI, specifically GKPIDDSI_DIGSIG) to store the VBA project digital signature. Word on the other hand stores the VBA sig in the _signatures stream of the normal.dotm.

Tom

0 Votes 0 ·

@RogerEggenberger-6110 Just checking with you to see if you're seeing these updates? I've not seen anything since your first post yesterday morning.

Tom

0 Votes 0 ·

1 Answer

TomJebo-9587 avatar image
0 Votes"
TomJebo-9587 answered RogerEggenberger-6110 commented

Hi @RogerEggenberger-6110,

Thanks for your patience on this issue.

The relevant parts for the VBA digital signature are:

[MS-OVBA]
2.4.2.3 - this has the Content Hash algorithm for the original signature version
2.4.2.4 - this has the Content Hash algorithm for the Agile signature version
This does not currently include the V3 content hash algorithm which will include more content.

[MS-OSHARED]
2.3.2.4.3.1 - this contains the digital signature information for the original signature version
2.3.2.4.3.2 - this contains the digital signature information for the Agile or V2 signature version
This also does not currently include the V3 signature algorithm

The V3 signature descriptions have not yet been published. I will post here again when I have an ETA for the new descriptions to be published in these documents.

Best regards,
Tom Jebo
Sr Escalation Engineer
Microsoft Open Specifications

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @TomJebo-9587,

thanks for the quick answer.

We will mostly parse Excel and Word and to a lesser extent Powerpoint.

I'm looking forward to the updated [MS-OVBA] and [MS-OSHARED] documentation with V3 signature algorithm.

Best regards,
roger

0 Votes 0 ·