Sign Excel Macros with Signtool using AppViewX CSP

Prerequisites

Download and install Microsoft Office Subject Interface Packages for Digitally Signing VBA Projects
Download and install Visual C++ 2010
Run the AppViewX SIGN+ Installer to install the prerequisites required to use the AppViewX CSP with Signtool.

Set up macro signing

Once you install all required tools, open a command prompt in Administrator mode. Next, run the commands:

regsvr32.exe <complete path to msosip.dll>

regsvr32.exe <complete path to msosipx.dll>

If successful, you will see a message: "DIIRegister Server in <complete file path> succeeded."

Signing with SignTool

Use the SignTool present in the path C:\Program Files (x86)\Windows Kits\10\bin\<version>\x86 to sign Excel macros. To sign, use the command:

<path_to_32bit_signtool.exe> sign /f <path to certificate>  /fd <digest algorithm>  /csp <csp_name> /k <key_alias_name> /tr <timestamp_url> /td <timestamp digest algorithm>  <input_file_path>

/f <path to certificate>: Path to your code-signing certificate.
/fd <digest algorithm>: Specifies the hashing algorithm.
/csp <csp_name>: Name of Cryptographic Service Provider (CSP).
/k <key_alias_name>: Key Container Name.
/tr <timestamp_url>: Provides a timestamp from a trusted timestamping authority.
/tr <timestamp_digest>: Specifies the timestamping Digest algorithm.
<input_file_path>: Path to the file to be signed.

The <path to certificate>, <digest algorithm>, <csp_name>, <key_alias_name>, <timestamp_url>, <timestamp_digest> parameters are auto generated based on the signing policy configurations in the README after running the SIGN+ Installer.

Verification with SignTool

Command:

<path_to_32bit_signtool.exe> verify /v /pa <input_file_path>