Records the type of encoding that a form viewing program must use to create the mimedata setting in a signature. Specifically, the parameters in signformat specify:
To create the mimedata setting, a form viewer takes the signer's certificate and a plaintext representation of the form or portion of the form that the signature applies to, and encodes them according to the settings in signformat. For details, see the mimedata option.
<signformat>MIME type;
engine="signature engine";
verifier;
cval;
delete;
parameters
layoutoverlaptest
</signformat>
Parameter | Type | Description |
---|---|---|
MIMEtype | string | the MIME type of the signed data. May
be:
|
signature engine | string | the type of signature. Valid types are:
Default: Generic RSA |
verifier | string | an optional flag that indicates which
verifier should be used when verifying certificate chains during digital
signature operations. Valid verifiers are:
Default: Basic |
cval | string | an optional flag that indicates whether
the current value of computed options is signed. This is useful if
you want to sign the compute, but not the value calculated by the
compute (for example, if you are signing the presentation layer of
a form). If you want to sign the current values, do not use this flag. If you do not want to sign the current values, use: cval="off" Default: current values are signed. |
delete | string | an optional flag that indicates whether the signature can be deleted by the user. By default, all signatures can be deleted. If you want to prevent a signature from being deleted, use: delete="off" |
parameters | depends on engine | additional parameters required by the signature engine (see the following) |
layoutoverlaptest | string | an optional flag that can be set to perform
the layout and overlap test. Values can be:
The default value is optional for all signature engines except ClickWrap. The ClickWrap default is none. |
button, signature
The following table describes the signature engines that are available:
signature Engine | Description |
---|---|
ClickWrap | The ClickWrap signature allows users to sign a form without requiring a digital certificate. Instead, signers may have to answer some questions about themselves and echo some text to indicate their intent to agree to the document. |
CryptoAPI | The CryptoAPI signature uses digital certificates that are stored in your Internet Explorer certificate store to create a digital signature. |
Entrust | The Entrust signature allows the end-user to sign the form using the Entrust brand of products. |
Generic RSA | The Generic RSA signature uses digital certificates from either your Internet Explorer or your Netscape certificate store. |
HMAC-ClickWrap | The HMAC-ClickWrap signature is similar to the ClickWrap signature, in that the end-user does not require a digital certificate to create a signature. Instead, the end-user provides a shared secret (such as a password) that can be verified by a server. Once the signature is verified, the server then uses its own digital certificate to sign the form and validate the end-user's non-digital signature. |
Netscape | The Netscape signature uses digital certificates that are stored in your Netscape certificate store to create a digital signature. |
signaturePad | The signaturePad signature allows the end-user to sign the form using a variety of pad-style hardware. This signature type includes support for signature pads from Interlink and Topaz, as well as pads that support the WinTab standard. |
Silanis | A Silanis signature allows the end-user to sign the form using the Silanis brand of products. It is also the only signature type that can create non-locking signatures, in which the data that is signed is not locked to prevent changes. |
The following table details the additional parameters you must use for each signature type when defining the signformat option. Note that the Generic RSA signature does not require any additional parameters.
Engine | Parameter | Valid Settings | Description |
---|---|---|---|
Clickwrap, HMAC-Clickwrap | hashalg | sha1 | hash algorithm with 160-bit message digest. This is the default setting. |
Clickwrap, HMAC-Clickwrap | hashalg | sha256 | hash algorithm with 256-bit message digest |
Clickwrap, HMAC-Clickwrap | hashalg | sha384 | hash algorithm with 384-bit message digest |
Clickwrap, HMAC-Clickwrap | hashalg | sha512 | hash algorithm with 512-bit message digest |
Clickwrap, HMAC-Clickwrap | hashalg | md5 | hash algorithm with 128-bit message digest |
Clickwrap, HMAC-Clickwrap | titleText | String | text to display for the main title of the signature dialog box |
Clickwrap, HMAC-Clickwrap | mainPrompt | String | text to display for the main prompt |
Clickwrap, HMAC-Clickwrap | mainText | String | text to display for the main text |
Clickwrap, HMAC-Clickwrap | question1Text | String | label for the first question |
Clickwrap, HMAC-Clickwrap | answer1Text | String | default answer to the first question; user can overwrite |
Clickwrap, HMAC-Clickwrap | question2Text | String | label for the second question |
Clickwrap, HMAC-Clickwrap | answer2Text | String | default answer to the second question; user can overwrite |
Clickwrap, HMAC-Clickwrap | question3Text | String | label for the third question |
Clickwrap, HMAC-Clickwrap | answer3Text | String | default answer to the third question; user can overwrite |
Clickwrap, HMAC-Clickwrap | question4Text | String | label for the forth question |
Clickwrap, HMAC-Clickwrap | answer4Text | String | default answer to the forth question; user can overwrite |
Clickwrap, HMAC-Clickwrap | question5Text | String | label for the fifth question |
Clickwrap, HMAC-Clickwrap | answer5Text | String | default answer to the fifth question; user can overwrite |
Clickwrap, HMAC-Clickwrap | echoPrompt | String | text to display for the echo prompt |
Clickwrap, HMAC-Clickwrap | echoText | String | text the user enters. For example, the actual echo text typed by the user |
Clickwrap, HMAC-Clickwrap | buttonPrompt | String | text to display before the accept and reject buttons |
Clickwrap, HMAC-Clickwrap | acceptText | String | text to display on the accept button |
Clickwrap, HMAC-Clickwrap | rejectText | String | text to display on the reject button |
Clickwrap, HMAC-Clickwrap | HMACsigner | String | a comma delimited list of the answers that store the signer's identity. This is written as answern. For example, answer1, answer2, and so on. Note that this parameter applies only to HMAC-Clickwrap signatures |
Clickwrap, HMAC-Clickwrap | HMACSecret | String | a comma delimited list of the answers that store the shared secret. This is written as answern. For example, answer1, answer2, and so on. Note that this parameter applies only to HMAC-Clickwrap signatures |
Clickwrap, HMAC-Clickwrap | readonly | String | a comma delimited list of the answers that should be read-only. This is written as answern. For example, answer1, answer2, and so on. Note that this parameter applies only to HMAC-Clickwrap signatures |
CryptoAPI | csp | determined by form viewing program | Cryptographic Service Provider (ie Microsoft™ Base Cryptographic Provider v1.0) |
CryptoAPI | csptype | rsa_full | full RSA implementation (this is the default) |
CryptoAPI | csptype | rsa_sig | for a CSP that supplies only RSA signature algorithms |
CryptoAPI | csptype | dss | for a CSP that supplies algorithms compliant with the Digital signature Standard |
CryptoAPI | csptype | dss_dh | for a CSP that supplies DSS compliant algorithms and Diffie-Hellman encryption |
CryptoAPI | csptype | fortezza | for a CSP that supplies Fortezza algorithms |
CryptoAPI | csptype | Note: Instead of using one of the previous
settings for csptype, the numeric value that is defined for it in
the cryptographic API may be used. For example, csptype=dss and csptype=3
produce the same result.
|
Note: Instead of using one of the previous settings for csptype,
the numeric value that is defined for it in the cryptographic API
may be used. For example, csptype=dss and csptype=3 produce the same
result.
|
CryptoAPI | hashalg | sha1 | hash algorithm with 160-bit message digest. This is the default setting. |
CryptoAPI | hashalg | sha256 | hash algorithm with 256-bit message digest |
CryptoAPI | hashalg | sha384 | hash algorithm with 384-bit message digest |
CryptoAPI | hashalg | sha512 | hash algorithm with 512-bit message digest |
CryptoAPI | hashalg | md5 | hash algorithm with 128-bit message digest |
Entrust | hashalg | sha1 | hash algorithm with 160-bit message digest. This is the default setting. |
Entrust | hashalg | md5 | hash algorithm with 128-bit message digest |
Netscape | hashalg | sha1 | hash algorithm with 160-bit message digest. This is the default setting. |
Netscape | hashalg | sha256 | hash algorithm with 256-bit message digest |
Netscape | hashalg | sha384 | hash algorithm with 384-bit message digest |
Netscape | hashalg | sha512 | hash algorithm with 512-bit message digest |
Netscape | hashalg | md5 | hash algorithm with 128-bit message digest |
signaturePad | TSP | String | defines the preferred signature pad software/hardware
to use. Valid settings are:
If no setting is specified, the form viewing software will determine which hardware is available, and will default to either Interlink or Topaz first and WinTab second. |
signaturePad | hashalg | sha1 | hash algorithm with 160-bit message digest. This is the default setting. |
signaturePad | hashalg | md5 | hash algorithm with 128-bit message digest |
signaturePad | titleText | String | text to display for the main title of the signature dialog box |
signaturePad | mainPrompt | String | text to display for the main prompt |
signaturePad | mainText | String | text to display for the main text |
signaturePad | question1Text | String | label for the first question |
signaturePad | answer1Text | String | default answer to the first question; user can overwrite |
signaturePad | question2Text | String | label for the second question |
signaturePad | answer2Text | String | default answer to the second question; user can overwrite |
signaturePad | question3Text | String | label for the third question |
signaturePad | answer3Text | String | default answer to the third question; user can overwrite |
signaturePad | question4Text | String | label for the forth question |
signaturePad | answer4Text | String | default answer to the forth question; user can overwrite |
signaturePad | question5Text | String | label for the fifth question |
signaturePad | answer5Text | String | default answer to the fifth question; user can overwrite |
signaturePad | echoPrompt | String | text to display for the echo prompt |
signaturePad | echoText | String | text to display for the signer to echo |
signaturePad | buttonPrompt | String | text to display before the accept and reject buttons |
signaturePad | acceptText | String | text to display on the accept button |
signaturePad | rejectText | String | text to display on the reject button |
signaturePad | readonly | String | a comma delimited list of the answers that should be read-only. This is written as answern. For example, answer1, answer2, and so on. |
signaturePad | startText | String | text to display on the button that starts the signature capture |
signaturePad | endText | String | text to display on the button that ends the signature capture |
signaturePad | penColor | String | the color to use when drawing the signature on the screen. This is either a color name or a comma separated list of RGB values. |
signaturePad | backgroundColor | String | the color to use for the background of the signature graphic. This is either a color name or a comma separated list of RGB values. |
Silanis | lock | on | sets the signature to lock all signed data. This prevents the user from changing data once it has been signed. By default, all signature types lock the data. |
Silanis | lock | off | prevents the signature from locking the data. This means users will be able to change signed data. Note that changes to signed data will still break the signature. |
This example shows a button configured for a CryptoAPI signature.
<button sid="empSigButton">
<type>signature</type>
<value compute="signer"></value>
<signer></signer>
<format>
<datatype>string</datatype>
<constraints>
<mandatory>on</mandatory>
</constraints>
</format>
<signformat> application/vnd.xfdl;
csp="Microsoft Base Cryptographic Provider v1.0";
csptype=rsa_full; hashalg=sha1
</signformat>
<signoptions>
<filter>omit</filter>
<optiontype>triggeritem</optiontype>
<optiontype>coordinates</optiontype>
</signoptions>
<signitemrefs>
<filter>omit</filter>
<itemref>PAGE1.mgrSigButton</itemref>
<itemref>PAGE1.admSigButton</itemref>
<itemref>PAGE1.empsignature</itemref>
<itemref>PAGE1.mgrsignature</itemref>
<itemref>PAGE1.admsignature</itemref>
</signitemrefs>
<!-- The items listed previously MUST have itemlocation
options with absolute and extent as the last
settings in order for the filter under to
be sufficient in terms of security -->
<signoptionrefs>
<filter>keep</filter>
<optionref>PAGE1.mgrSigButton.itemlocation</optionref>
<optionref>PAGE1.admSigButton.itemlocation</optionref>
<optionref>PAGE1.empsignature.itemlocation</optionref>
<optionref>PAGE1.mgrsignature.itemlocation</optionref>
<optionref>PAGE1.admsignature.itemlocation</optionref>
</signoptionrefs>
<signature>empsignature</signature>
</button>
This example shows a button configured for a Clickwrap signature.
<button sid="empSigButton">
<type>signature</type>
<value compute="signer"></value>
<signer></signer>
<format>
<datatype>string</datatype>
<constraints>
<mandatory>on</mandatory>
</constraints>
</format>
<signformat>application/vnd.xfdl;
engine="ClickWrap"; hashalg="md5";
titleText="Document Acceptance";
echoPrompt="Type the following:";
echoText="I agree";question1Text="Name:";
question2Text="Employee ID #:"
</signformat>
<signoptions>
<filter>omit</filter>
<optiontype>triggeritem</optiontype>
<optiontype>coordinates</optiontype>
</signoptions>
<signitemrefs>
<filter>omit</filter>
<itemref>PAGE1.mgrSigButton</itemref>
<itemref>PAGE1.admSigButton</itemref>
<itemref>PAGE1.empsignature</itemref>
<itemref>PAGE1.mgrsignature</itemref>
<itemref>PAGE1.admsignature</itemref>
</signitemrefs>
<!-- The items listed previously MUST have itemlocation
options with absolute and extent as the last
settings in order for the filter under to
be sufficient in terms of security -->
<signoptionrefs>
<filter>keep</filter>
<optionref>PAGE1.mgrSigButton.itemlocation</optionref>
<optionref>PAGE1.admSigButton.itemlocation</optionref>
<optionref>PAGE1.empsignature.itemlocation</optionref>
<optionref>PAGE1.mgrsignature.itemlocation</optionref>
<optionref>PAGE1.admsignature.itemlocation</optionref>
</signoptionrefs>
<signature>empsignature</signature>
</button>