
The capability to digitally sign documents using X.509 PKI has been added to Office XP. This feature is available in Word and Excel.
Document signing is enabled through the "Tools->Options->Security->Digital Signature->Add" button. Office will allow signing of documents using keys from the Windows OS keystore shared with Internet Explorer (also known as "CAPI"). Keys generated by another browser need to be exported and imported into the CAPI keystore.
Documents can be signed with keys and certificates generated by non-Microsoft Certificate Authority products. For example, keys and certificates from the Dartmouth College Sun One CA worked. Signing will also work with keys stored on a Rainbow Technology iKey hardware token.
The signing capabilities of Office XP are straightforward. The whole document may be signed with one signature. A new signature will overwrite the old signature. (Some other products, for example, support signed sections of a document and multiple signatures.) Signing capabilities are not included in the MacOS version of Office X.
There is an Office XP feature to protect forms with a password. This feature can be accessed from the "Tools->Protect Document" menu item. It's possible this could be used to password-protect a form so that the immutable sections stay that way. Whoever fills out the form would sign the completed document, and not knowing the password would keep the form from being altered.
Opening a signed document puts a tiny red ribbon icon at the bottom of the window, which shows that the document has been successfully verified.
If you open a signed document on a Mac, the document is marked "Read-only", but there doesn't seem to be a way to tell that it is signed, or verify the signature.
Encryption of a file is not done with PKI in Office XP. Password-based protection is available.
Dartmouth College PKI Lab
Last update: 17 Jul 2003