Add Timestamping - Microsoft Office 2010, 2013, 2016 & 2019
May 12, 2023
Introduction
By default, when a digital signature is placed in Microsoft Office, the timestamp is based on the local computer's time. Because of this, the digital signature will expire when the Certificate expires. In order to enable long term validity of signatures in Microsoft Office, a valid 3rd party RFC-3161 compliant timestamp must be applied to the signature at the time of signing. Since the timestamp comes from a 3rd party, it can definitively attest to the date & time at which the signature was placed, enabling long term validity. Think of it like a digital notary.
NOTICE: Enabling timestamping in Microsoft Office requires editing the system registry. Editing the registry carries risk if incorrect values are entered. Editing the registry incorrectly may cause system instability and you do so at your own risk. Information in this article is based off of the following Microsoft articles:
Prerequisites
- Microsoft Office 2010 or 2013
- Permission to edit the registry
- A PersonalSign or AATL Certificate
- Timestamping services with GlobalSign
Instructions
- Go to Start Menu > Run
- Type regedit and press Enter
- Navigate to the folder that corresponds to your office version:
Office 2010:
HKEY_CURRENT_USER > Software > Microsoft > Office > 14 > Common > Signatures
Office 2013:
HKEY_CURRENT_USER > Software > Microsoft > Office > 15 > Common > Signatures
Office 2016/2019:
HKEY_CURRENT_USER > Software > Microsoft > Office > 16 > Common > Signatures
- Right Click the white-space on the right side and choose New > DWORD
- Name it XadESLevel and enter a value of 2:
- Create another DWORD and this time title it MinXAdESLevel with a value of 1.
- Finally, right click again and select New > String Value and enter the timestamp URL provided by your GlobalSign Account Manager
- The resulting registry settings should look like this:
- When you place a signature with office, and look at the signature properties, if it is timestamped by a 3rd party it will be in the XadES-T format: