Signing MS-Excel spread sheets

Berend Tober btober at seaworthysys.com
Sun Sep 4 18:45:00 CEST 2005 

Peter Pentchev wrote:

>On Fri, Sep 02, 2005 at 10:39:52PM -0400, Dan Mundy wrote:
>  
>
>>Berend Tober wrote:
>>    
>>
>>>I hate to admit that I still use MS-Excel rather than an open source
>>>spread sheet tool, but workplace requirements constrain my fate...
>>>Has anyone else managed a work-around for this flaw? (Aside from the
>>>obvious -- "Stop using MS-Excel!" -- because that is a failure I cannot
>>>control...)
>>>      
>>>
>>use openoffice.org: it is opensource and fully compatible with
>>microsoft. now it is a failure you can control. see
>>http://www.openoffice.org/dev_docs/instructions.html#win for how to
>>install it.
>>    
>>
>
>Hate to point out the obvious, but unfortunately, it just might be that
>Berend canNOT control whether his coworkers also use OpenOffice or MS
>Excel, in which case the problem of a coworker opening a signed
>spreadsheet and invalidating the signature still stands.
>
Indeed, and I even included in my original post "(Aside from the obvious 
-- "Stop using MS-Excel!" -- because that is a failure I cannot 
control...)".  Kids these days....

Anyway, I've looked at WinPT and GPGee and one other GUI wrapper around 
gnupg, but they all of course are victims of this MS Excel "feature", 
and furthermore none of them satisfy my other need to be able to support 
multiple persons signing any given document, either (cf. other mailing 
list message thread "Multiple signatures on a single file").

A little further roughhousing with the command line shows that a DOS 
batch file script with

gsign.bat:

@echo off
attrib +r %2
gpg -b -u %1 -o - %2>>%2.sig

accomplished 1) setting the target file read-only attribute, which 
prevents MS Excel from doing what ever it does to modify the file, 
despite the user's intention otherwise, and 2) satisfies my other need 
to be able to let multiple individuals sign a given document

Then a companion script

gverify.bat:

gpg --verify %1

will list the several valid signatures written to a file.

Of course, I really don't think anyone that isn't enough of a geek to 
appreciate the command line will be able to accept a solution like this 
for signing documents, even if it does eliminate the need for producing 
hard-copy document print outs just for the purpose of marking with a 
pen-and-ink signature.

Gosh, I might have to roll my own GUI.

More information about the Gnupg-users mailing list