2007/12/05

InfoPath Digital Signature

Briefly about digital signatures

You can enable digital signatures when designing a form so that users can add a digital signature when filling it out. The digital signature proves that the form originated from the signer and has not been changed. The signature can also include comments from the author. After signing, the data in the form cannot be changed without invalidating the digital signature.

When adding a digital signature, the user must use a digital certificate. A digital certificate is an attachment for a file, macro project, or e-mail message that assures authenticity, provides secure encryption, or supplies a verifiable signature. Digital certificates, which you can get through commercial certification authorities or from your internal security administrator, establish the authenticity of the signature.

About InfoPath digital signatures

In addition to enabling digital signatures so that users can sign your form, you can add a digital signature to your form template. This signature authenticates you as the author of the form template in the same way that a digital signature on a form authenticates the user who filled out the form. A form template in InfoPath is a file or set of files that defines the data structure, appearance, and behavior of a form. For example, form templates that have been distributed to users in an e-mail message can be updated more effectively if they have been digitally signed.

When you add a digital signature to a form, InfoPath uses only those certificates that have a private key and a Digital Signature or Both value for the Key Usage attribute. The purpose of the certificate must also be set to Client Authentication or Code Signing. If you are using a certificate to add a digital signature to a form template, its purpose must be set to Code Signing. These limitations apply because InfoPath uses XML Signatures to digitally sign forms.
  • Because a digital certificate you create is not issued by a formal certification authority, forms signed using a certificate you created are referred to as self-signed forms. These certificates are considered unauthenticated and will generate a security warning if the form's security level is set to Domain. InfoPath trusts self-signed certificates only on computers that have access to the private key for that certificate. In most cases, this means that InfoPath trusts self-signed certificates only on the computer that created the certificate, unless the private key is shared with other computers.
  • The information in this topic may not apply if you are working with a form designed using Microsoft Office InfoPath 2003 without the service pack installed.
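
The certificate requirements above can be checked against the current user's personal store before a signing rollout. This PowerShell sketch is an added example, not part of the original post or of InfoPath; the function name `Test-InfoPathSigningCert` is hypothetical, and treating a certificate with no Key Usage or no purpose extension as unsuitable is an assumption (a strict reading of the text).

```powershell
# Purpose (Enhanced Key Usage) OIDs for the two purposes named in the text.
$ClientAuthOid  = '1.3.6.1.5.5.7.3.2'   # Client Authentication
$CodeSigningOid = '1.3.6.1.5.5.7.3.3'   # Code Signing

function Test-InfoPathSigningCert {     # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Cert,
        # Set when the certificate will sign a form template rather than a form.
        [switch] $ForTemplate
    )

    # Requirement 1: the private key must be available on this computer.
    if (-not $Cert.HasPrivateKey) { return $false }

    # Requirement 2: Key Usage includes Digital Signature.
    # Assumption: "Both" means signature plus key exchange, so the flag is still set.
    $ku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    $sigFlag = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature
    if (-not $ku -or -not $ku.KeyUsages.HasFlag($sigFlag)) { return $false }

    # Requirement 3: Code Signing for templates, either purpose for forms.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if (-not $eku) { return $false }    # assumption: no stated purpose is rejected
    $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })

    if ($ForTemplate) { return ($oids -contains $CodeSigningOid) }
    return (($oids -contains $CodeSigningOid) -or ($oids -contains $ClientAuthOid))
}

# Report every certificate in the current user's personal store.
Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    [pscustomobject]@{
        Subject         = $_.Subject
        Thumbprint      = $_.Thumbprint
        # Heuristic only: subject equal to issuer usually means self-signed.
        SelfSigned      = ($_.Subject -eq $_.Issuer)
        FormSigning     = Test-InfoPathSigningCert -Cert $_
        TemplateSigning = Test-InfoPathSigningCert -Cert $_ -ForTemplate
    }
} | Format-Table -AutoSize
```

A certificate flagged as self-signed will still be treated as unauthenticated on other computers, as the first note above describes, even when it passes the other checks.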