Digital Signatures and Security Encryption

Written by Mike Rede on October 19, 2008

I’ve spoken about Certificate Authorities and Certificates already. Remember that Certificates include a public key, the owner, and a digital signature. Well, you’ve probably asked “what is a digital signature?” and “how do you digitally sign a certificate?”

A digital signature is basically a value, a kind of checksum, computed from a block of data and a private key. The signature associates that data with the owner of the specific private key that produced it. You can be confident that the person indicated as the owner of that private key is not an imposter. You can safely open the email you received from the “certificated” owner and then respond to that person, the owner, without fear or apprehension that the reply will go to the wrong person. This also allows you to trust that the contents of the email were written and encrypted by the owner of the private key.

If you decrypt a message successfully with a particular public key – a key that was certified by means of a digitally signed certificate – then you can be certain that it could only have been encrypted with the corresponding private key.

You can obtain a digital certificate from a commercial certification authority, such as VeriSign, Inc., or Thawte, or from your internal security administrator or Information Technology (IT) professional. Or, you can create a self-signed digital certificate yourself using a tool such as SelfCert.exe. SelfCert.exe is installed as part of Office XP and can be found in C:\Program Files\Microsoft Office\Office10.

Keep in mind that certificates you create yourself are considered unauthenticated and will generate a warning in the Security Warning box if the security level is set to High or Medium. Microsoft Office will only trust a self-signed certificate on a computer that has the private key for that certificate available, which is usually only the computer that actually created the certificate, unless the private key was shared with other computers. Any macro projects that you create and sign by using such certificates are considered to be self-signed projects.
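To make the two ideas above concrete (a signature is a value tied to both the data and a private key, and a self-signed certificate is only trusted where it already sits in the trust store), here is an added example written for this post; it is not code from the post or from Microsoft Office. It uses Go’s standard library only: Ed25519 for the key pair and signature, and crypto/x509 to build a self-signed certificate the way SelfCert.exe would. The names Owner, NewSelfSignedOwner, IsSelfSigned and IsTrusted are hypothetical helpers written for the example, and the macro text and owner name are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Owner models the holder of a key pair. The certificate carries the public
// key and the owner's name; the private key stays with this owner only.
type Owner struct {
	Name string
	Cert *x509.Certificate
	priv ed25519.PrivateKey // never leaves this machine
}

// NewSelfSignedOwner generates a key pair and signs a certificate for it with
// its own private key, the equivalent of what SelfCert.exe produces.
// (Hypothetical helper written for this example.)
func NewSelfSignedOwner(name string) (*Owner, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	// Passing the template as its own parent makes the certificate self-signed.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Owner{Name: name, Cert: cert, priv: priv}, nil
}

// Sign produces the signature value for data. It depends on both the data and
// the private key, so it changes if either one changes.
func (o *Owner) Sign(data []byte) []byte {
	return ed25519.Sign(o.priv, data)
}

// Verify checks a signature using only the public key from the certificate,
// which is all a recipient ever holds. Tampered data or a signature made with
// any other private key makes this return false.
func Verify(cert *x509.Certificate, data, sig []byte) bool {
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok {
		return false
	}
	return ed25519.Verify(pub, data, sig)
}

// IsSelfSigned reports whether the certificate's own signature verifies under
// the public key it carries, i.e. the owner vouched for it rather than a CA.
func IsSelfSigned(cert *x509.Certificate) bool {
	return cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature) == nil
}

// IsTrusted models the "trusted on this computer" rule: a self-signed
// certificate verifies only against a trust store that already contains it.
func IsTrusted(cert *x509.Certificate, store ...*x509.Certificate) bool {
	roots := x509.NewCertPool()
	for _, c := range store {
		roots.AddCert(c)
	}
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots})
	return err == nil
}

func main() {
	owner, err := NewSelfSignedOwner("Mike Rede") // constructed sample owner
	if err != nil {
		panic(err)
	}
	macro := []byte("Sub Macro1()\nMsgBox \"hello\"\nEnd Sub\n")    // constructed sample data
	tampered := []byte("Sub Macro1()\nMsgBox \"goodbye\"\nEnd Sub\n") // one word changed
	sig := owner.Sign(macro)
	fmt.Println("genuine macro verifies:      ", Verify(owner.Cert, macro, sig))
	fmt.Println("tampered macro verifies:     ", Verify(owner.Cert, tampered, sig))
	fmt.Println("certificate is self-signed:  ", IsSelfSigned(owner.Cert))
	fmt.Println("trusted, cert in local store:", IsTrusted(owner.Cert, owner.Cert))
	fmt.Println("trusted, empty store:        ", IsTrusted(owner.Cert))
}
```

The last two lines of main are the point of the “unauthenticated” warning: the very same certificate passes on the computer whose store holds it and fails everywhere else, because no authority other than the owner has signed it.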

If you wish to use digital certificates that are signed by commercial certification authorities, such as VeriSign, Inc., you or your organization must submit an application to that authority. You can also get a list of Microsoft trusted third-party commercial certificate authorities at http://msdn.microsoft.com/en-us/library/ms995347.aspx.
