Makros automatisiert signieren?

using System;
using System.IO;
using System.Windows.Forms;
using OfficeOpenXml;
using System.Security.Cryptography.X509Certificates;

private void SignAllWorkbooksInFolder() {
    // ----------------------------------------------------------
    const string CERTPATH = @"C:\certificates\codesign.p12";  
    const string CERTPASS = @"GEHEIM";  
    const string WORKBOOKPATH = @"D:\Pfad\zu\den\xlsm";  
    // ----------------------------------------------------------
    // build certificate object
    X509Certificate2 cert = new X509Certificate2(CERTPATH, CERTPASS, X509KeyStorageFlags.PersistKeySet);
    //for each Makro-Project *.xlsm
    foreach (string file in Directory.GetFiles(WORKBOOKPATH,"*.xlsm")) {  
        try {
            // sign workbook and store it with extension '_signed' in same directory 
            SignWorkbook(file, Path.Combine(Path.GetDirectoryName(file), Path.GetFileNameWithoutExtension(file) + "_signed.xlsm"), cert);  
        }catch(Exception ex) {
            MessageBox.Show("Error: " + ex.Message);  
        }
    }
}
// sign workbook function with OfficeOpenXML Module
private void SignWorkbook(string SourcePath, string TargetPath, X509Certificate2 cert) {
    using (ExcelPackage xl = new ExcelPackage(new System.IO.FileInfo(SourcePath))) {
        using (ExcelWorkbook wb = xl.Workbook) {
            wb.VbaProject.Signature.Certificate = cert;
            xl.SaveAs(new System.IO.FileInfo(TargetPath));
        }
    }
}

regsvr32 msosipx.dll

signtool.exe sign /f "Meincert.pfx" /p "Geheim" /t http://timestamp.verisign.com/scripts/timstamp.dll "D:\Datei.xlsm"

Microsoft Office Subject Interface Packages (SIPs)

WHAT THIS PACKAGE CONTAINS

	msosip.dll - Subject Interface Package library to facilitate the signing and verification of
		signatures for VBA projects contained in legacy Office file formats.
	msosipx.dll - Subject Interface Package library to facilitate the signing and verification of
		signatures for VBA projects contained in OOXML Office file formats.
	offclearsig.exe - Tool for removing existing signatures for VBA projects from Office file
		types supported by the included SIPs.
	vbe7.dll - VBE7 runtime library, which is used in the process of generating and validating the
		signatures for the VBA projects during signing or signature verification.
	eula.txt - Licensing terms. If you do not agree to the terms specified in this file, do not use
		the binaries in this package.
	readme.txt - Information on the purpose and use of the files in this package.

WHAT THESE COMPONENTS ARE FOR

	Subject Interface Packages (SIPs) are libraries that integrate with the Windows cryptographic
	stack to allow for the signing and verification of file types not natively understood by the
	default Windows cryptography components. Once the SIP is registered with the system, the file
	types supported by the SIP can be signed and verified using tools (such as signtool.exe) that
	would normally be used to perform these operations on standard executable modules (such as EXEs
	or DLLs).

HOW TO USE THESE COMPONENTS

	1) If not already present on the machine where the tools will be run, download and install the
		Microsoft Visual C++ Runtime Libraries. The installer for the redistributable can be
		found at https://aka.ms/vs/15/release/VC_redist.x86.exe

	2) Extract the files in the package to a directory. The files can be located at any local path on
		the machine where the signing and verification operations will be performed. Due to the
		sensitive nature of the operations the binaries perform, the chosen location should be
		well secured.

	3) The vbe7.dll library can be either located in the same directory as the SIP libraries, or it
		can be located in an alternate location, and its location registered for discovery in
		the Windows registry at:
			[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA]
			REG_SZ Value "Vbe71DllPath" set to the full path to vbe7.dll library

	4) Run regsvr32.exe on the SIP libraries (i.e. msosip.dll / msosipx.dll) you wish to use.
		Regsvr32.exe must be run with Administrator privileges because the libraries are
		registered into the HKEY_LOCAL_MACHINE registry hive.

	5) Once registered, you can run your signing or verification procedure on supported Office files
		containing VBA macros.
			Example Command Line (signing):
				signtool.exe sign /f C:\Certificates\cert1.pfx /fd SHA256 C:\Files\FileWithMacros.xlsm
			Example Command Line (verification):
				signtool.exe verify C:\Files\FileWithMacros.xlsm

	6) Beginning with Office 2016, Office supports two different signatures on VBA projects. The
		first is the same signature format that has been supported in Office in past versions. The
		second is an improved signature format that allows for more agility in specifying new hashing
		algorithms as the cryptographic landscape changes over time.

		The best practice when signing VBA projects in Office files involves creating both signatures.
		However, the Windows cryptographic stack only supports creating one of these signatures at a
		time. To accomplish signing with both signatures, begin with a document with an unsigned VBA
		project and run signtool.exe (or other tool of your choice) the first time to sign the project.
		This will generate the legacy format signature. Running the tool again on the same file will
		add the newer agile signature. Note that if a file already has a legacy signature, any new
		attempts to sign the file will produce (or overwrite) the agile signature. In order to sign a
		file from scratch again, including the legacy signature, the existing signatures must first be
		removed (see below).

		Note that this two-signature format used for VBA projects is different in format than the
		built-in dual signing mechanism supported in more recent Windows versions, and so does not work
		with signtool.exe options such as "verify /all" or "verify /ds 1" which iterate over native
		Windows multiple signature stores.

		Due to limitations in the way SIPs integrate into the Windows cryptography stack, only one
		signature can be validated on a given file. If the legacy signature is present but the agile
		signature is not, the legacy signature will be validated. If the agile signature is present, it
		will be validated. This means the best practice for signing an Office file with both signatures
		is:
			i) Sign the file with the legacy signature.
			ii) Validate the file to ensure the legacy signature is valid.
			iii) Sign the file again, this time producing the agile signature.
			iv) Validate the file once again to ensure the agile signature is valid.

	7) If your signing process requires the removal of existing signatures from files in order to support
		properly double-signing the Office files as described above, you can use the included
		offclearsig.exe tool to accomplish this. This tool will remove any existing VBA signatures
		contained in the specified file. The tool depends on the SIPs being registered as described
		above.

SUPPORTED FILE FORMATS

	MSOSIP:
		Excel: .xla, .xls, .xlt
		PowerPoint: .pot, .ppa, .pps, .ppt
		Project: .mpp, .mpt
		Publisher: .pub
		Visio: .vdw, .vdx, .vsd, .vss, .vst, .vsx, .vtx
		Word: .doc, .dot, .wiz

	MSOSIPX:
		Excel: .xlam, .xlsb, .xlsm, .xltm
		PowerPoint: .potm, .ppam, .ppsm, .pptm
		Visio: .vsdm, .vssm, .vstm
		Word: .docm, .dotm

MICROSOFT OFFICE SUBJECT INTERFACE PACKAGES SUPPORT

	The Office SIPs are provided as-is with the following options available for support:
		1) Premier customers may either:
			i) Go to the Office Premier portal.
			ii) Log a support request or call tech support at the Premier support contacts page (https://aka.ms/premier_support_contacts).
		2) Broad Commercial customers may purchase professional support for a single incident or a pack of 5 (developer support not included), which includes phone support.
			i) To purchase: https://aka.ms/business_support_options
			ii) Phone support: https://aka.ms/business_phone_support