...
Signatures can be added to any form using one of the methods listed:
- Signature Control
- Signed Sections
The signature control only captures a handwritten signature image. It does not create a digital signature. A signed section that is set to wet signature both captures a handwritten signature image and creates a digital signature over the contents of the section. See below.
Digital Signature
The user must be authenticated to the server. Here is how it works:
The server uses public key cryptography. When a server is first started, it automatically generates a public and a private key using the RSA algorithm. There is no official certificate authority (CA); however, if you want one, you can supply your own public and private keys that are certified by some authority (like Verisign). An official CA is not required, since the data is signed and verified using keys generated by the server. You must keep the private key "private" by applying good security practices to the server's disk. The public key may be shared with anyone; in fact, if you manage the server as the admin user and click on Security, you can see the public key displayed there.
When a section is signed, the data in the section, together with a time stamp, the signing user, and a few other things are used to generate a message digest. The message digest is digitally signed using the private key. The signatures (there can be more than one) are included with the submission – in the repository and sent in the HTTP POST so you can save it yourself if you want.
When the form is re-initialized from the submission documents, you must also supply the signatures. The initialization process will verify that the data has not changed (i.e., has not been tampered with) and the signature is still valid. If the signature is not valid, it is removed and the entire Section is displayed with a visible error (large red background). If it is valid, there is a green background and the Section cannot be edited.
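The sign-then-verify cycle described above, as an added example that is not the product's own code. SHA-256, PKCS#1 v1.5 padding, the length-prefixed field encoding, and all function and field names are assumptions; the page only states that RSA is used.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"sort"
)

// newServerKey stands in for the key pair the server generates at first start.
func newServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// digest hashes user, time stamp and key-sorted controls (length-prefixed encoding is assumed).
func digest(fields map[string]string, user, ts string) []byte {
	keys := make([]string, 0, len(fields))
	for k := range fields {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	h := sha256.New()
	for _, s := range []string{user, ts} {
		fmt.Fprintf(h, "%d:%s", len(s), s)
	}
	for _, k := range keys {
		fmt.Fprintf(h, "%d:%s%d:%s", len(k), k, len(fields[k]), fields[k])
	}
	return h.Sum(nil)
}

// signSection signs the message digest with the server's private key.
func signSection(priv *rsa.PrivateKey, fields map[string]string, user, ts string) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest(fields, user, ts))
}

// verifySection recomputes the digest at re-initialization; false means data, user or time stamp changed.
func verifySection(pub *rsa.PublicKey, fields map[string]string, user, ts string, sig []byte) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest(fields, user, ts), sig) == nil
}

func main() {
	priv, _ := newServerKey()
	section := map[string]string{"amount": "120.00", "approved": "yes"} // constructed sample
	sig, _ := signSection(priv, section, "jdoe", "2024-01-15T10:00:00Z")
	fmt.Println("untouched:", verifySection(&priv.PublicKey, section, "jdoe", "2024-01-15T10:00:00Z", sig))
	section["amount"] = "9120.00" // value changed after signing
	fmt.Println("modified: ", verifySection(&priv.PublicKey, section, "jdoe", "2024-01-15T10:00:00Z", sig))
}
```

Because the signing user and time stamp are part of the digest, changing either one invalidates the signature just as changing a control value does.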
Wet Signature Control
...
Note |
---|
A Signed Section used in multiple activities in a flow must contain the same controls in all the activities. |
...
...
Signed Section Signature Options
...