signformat

Records the type of encoding that a form viewing program must use to create the mimedata setting in a signature. Specifically, the parameters in signformat specify:

The MIME type of the data from which the mimedata setting is created (see the following for an explanation).
The signature engine to use.
Settings specific to the engine used.

About the mimedata setting:

To create the mimedata setting, a form viewer takes the signer's certificate and a plaintext representation of the form or portion of the form that the signature applies to, and encodes them according to the settings in signformat. For details, see the mimedata option.

Syntax

   <signformat>MIME type; 
      engine="signature engine";
      verifier;
      cval;
      delete;
      parameters
      layoutoverlaptest
   </signformat>

Table 1. signformat properties
Parameter	Type	Description
MIMEtype	string	the MIME type of the signed data. May be: XFDL – application/vnd.xfdl
signature engine	string	the type of signature. Valid types are: ClickWrap CryptoAPI Entrust Generic RSA (includes CryptoAPI and Netscape) HMAC-ClickWrap Netscape signaturePad Silanis Default: Generic RSA
verifier	string	an optional flag that indicates which verifier should be used when verifying certificate chains during digital signature operations. Valid verifiers are: Basic – Performs basic certificate verification. DODJ12 – Performs strict certificate verification that complies with US Department of Defense requirements. Default: Basic
cval	string	an optional flag that indicates whether the current value of computed options is signed. This is useful if you want to sign the compute, but not the value calculated by the compute (for example, if you are signing the presentation layer of a form). If you want to sign the current values, do not use this flag. If you do not want to sign the current values, use: cval="off" Default: current values are signed.
delete	string	an optional flag that indicates whether the signature can be deleted by the user. By default, all signatures can be deleted. If you want to prevent a signature from being deleted, use: delete="off"
parameters	depends on engine	additional parameters required by the signature engine (see the following)
layoutoverlaptest	string	an optional flag that can be set to perform the layout and overlap test. Values can be: required – The layout and overlap test must be performed for any signature type and must be verified. If the signature type does not support the layout and overlap test an error message is presented to the user. optional – The layout and overlap test must be performed if available, and must be verified if possible. none – The layout and overlap test is not performed. The default value is optional for all signature engines except ClickWrap. The ClickWrap default is none.

Available In

button, signature

About the signature Engines

The following table describes the signature engines that are available:

Table 2. available signature engines
signature Engine	Description
ClickWrap	The ClickWrap signature allows users to sign a form without requiring a digital certificate. Instead, signers may have to answer some questions about themselves and echo some text to indicate their intent to agree to the document.
CryptoAPI	The CryptoAPI signature uses digital certificates that are stored in your Internet Explorer certificate store to create a digital signature.
Entrust	The Entrust signature allows the end-user to sign the form using the Entrust brand of products.
Generic RSA	The Generic RSA signature uses digital certificates from either your Internet Explorer or your Netscape certificate store.
HMAC-ClickWrap	The HMAC-ClickWrap signature is similar to the ClickWrap signature, in that the end-user does not require a digital certificate to create a signature. Instead, the end-user provides a shared secret (such as a password) that can be verified by a server. Once the signature is verified, the server then uses its own digital certificate to sign the form and validate the end-user's non-digital signature.
Netscape	The Netscape signature uses digital certificates that are stored in your Netscape certificate store to create a digital signature.
signaturePad	The signaturePad signature allows the end-user to sign the form using a variety of pad-style hardware. This signature type includes support for signature pads from Interlink and Topaz, as well as pads that support the WinTab standard.
Silanis	A Silanis signature allows the end-user to sign the form using the Silanis brand of products. It is also the only signature type that can create non-locking signatures, in which the data that is signed is not locked to prevent changes.

Additional Parameters for Common signature Engines

The following table details the additional parameters you must use for each signature type when defining the signformat option. Note that the Generic RSA signature does not require any additional parameters.

Table 3. additional parameters for signature engines.
signature engine examples
Engine	Parameter	Valid Settings	Description
Clickwrap, HMAC-Clickwrap	hashalg	sha1	hash algorithm with 160-bit message digest. This is the default setting.
Clickwrap, HMAC-Clickwrap	hashalg	sha256	hash algorithm with 256-bit message digest
Clickwrap, HMAC-Clickwrap	hashalg	sha384	hash algorithm with 384-bit message digest
Clickwrap, HMAC-Clickwrap	hashalg	sha512	hash algorithm with 512-bit message digest
Clickwrap, HMAC-Clickwrap	hashalg	md5	hash algorithm with 128-bit message digest
Clickwrap, HMAC-Clickwrap	titleText	String	text to display for the main title of the signature dialog box
Clickwrap, HMAC-Clickwrap	mainPrompt	String	text to display for the main prompt
Clickwrap, HMAC-Clickwrap	mainText	String	text to display for the main text
Clickwrap, HMAC-Clickwrap	question1Text	String	label for the first question
Clickwrap, HMAC-Clickwrap	answer1Text	String	default answer to the first question; user can overwrite
Clickwrap, HMAC-Clickwrap	question2Text	String	label for the second question
Clickwrap, HMAC-Clickwrap	answer2Text	String	default answer to the second question; user can overwrite
Clickwrap, HMAC-Clickwrap	question3Text	String	label for the third question
Clickwrap, HMAC-Clickwrap	answer3Text	String	default answer to the third question; user can overwrite
Clickwrap, HMAC-Clickwrap	question4Text	String	label for the forth question
Clickwrap, HMAC-Clickwrap	answer4Text	String	default answer to the forth question; user can overwrite
Clickwrap, HMAC-Clickwrap	question5Text	String	label for the fifth question
Clickwrap, HMAC-Clickwrap	answer5Text	String	default answer to the fifth question; user can overwrite
Clickwrap, HMAC-Clickwrap	echoPrompt	String	text to display for the echo prompt
Clickwrap, HMAC-Clickwrap	echoText	String	text the user enters. For example, the actual echo text typed by the user
Clickwrap, HMAC-Clickwrap	buttonPrompt	String	text to display before the accept and reject buttons
Clickwrap, HMAC-Clickwrap	acceptText	String	text to display on the accept button
Clickwrap, HMAC-Clickwrap	rejectText	String	text to display on the reject button
Clickwrap, HMAC-Clickwrap	HMACsigner	String	a comma delimited list of the answers that store the signer's identity. This is written as answer_n. For example, answer₁, answer₂, and so on. Note that this parameter applies only to HMAC-Clickwrap signatures
Clickwrap, HMAC-Clickwrap	HMACSecret	String	a comma delimited list of the answers that store the shared secret. This is written as answer_n. For example, answer₁, answer₂, and so on. Note that this parameter applies only to HMAC-Clickwrap signatures
Clickwrap, HMAC-Clickwrap	readonly	String	a comma delimited list of the answers that should be read-only. This is written as answer_n. For example, answer₁, answer₂, and so on. Note that this parameter applies only to HMAC-Clickwrap signatures
CryptoAPI	csp	determined by form viewing program	Cryptographic Service Provider (ie Microsoft™ Base Cryptographic Provider v1.0)
CryptoAPI	csptype	rsa_full	full RSA implementation (this is the default)
CryptoAPI	csptype	rsa_sig	for a CSP that supplies only RSA signature algorithms
CryptoAPI	csptype	dss	for a CSP that supplies algorithms compliant with the Digital signature Standard
CryptoAPI	csptype	dss_dh	for a CSP that supplies DSS compliant algorithms and Diffie-Hellman encryption
CryptoAPI	csptype	fortezza	for a CSP that supplies Fortezza algorithms
CryptoAPI	csptype	Note: Instead of using one of the previous settings for csptype, the numeric value that is defined for it in the cryptographic API may be used. For example, csptype=dss and csptype=3 produce the same result.	Note: Instead of using one of the previous settings for csptype, the numeric value that is defined for it in the cryptographic API may be used. For example, csptype=dss and csptype=3 produce the same result.
CryptoAPI	hashalg	sha1	hash algorithm with 160-bit message digest. This is the default setting.
CryptoAPI	hashalg	sha256	hash algorithm with 256-bit message digest
CryptoAPI	hashalg	sha384	hash algorithm with 384-bit message digest
CryptoAPI	hashalg	sha512	hash algorithm with 512-bit message digest
CryptoAPI	hashalg	md5	hash algorithm with 128-bit message digest
Entrust	hashalg	sha1	hash algorithm with 160-bit message digest. This is the default setting.
Entrust	hashalg	md5	hash algorithm with 128-bit message digest
Netscape	hashalg	sha1	hash algorithm with 160-bit message digest. This is the default setting.
Netscape	hashalg	sha256	hash algorithm with 256-bit message digest
Netscape	hashalg	sha384	hash algorithm with 384-bit message digest
Netscape	hashalg	sha512	hash algorithm with 512-bit message digest
Netscape	hashalg	md5	hash algorithm with 128-bit message digest
signaturePad	TSP	String	defines the preferred signature pad software/hardware to use. Valid settings are: Interlink Topaz WinTab If no setting is specified, the form viewing software will determine which hardware is available, and will default to either Interlink or Topaz first and WinTab second.
signaturePad	hashalg	sha1	hash algorithm with 160-bit message digest. This is the default setting.
signaturePad	hashalg	md5	hash algorithm with 128-bit message digest
signaturePad	titleText	String	text to display for the main title of the signature dialog box
signaturePad	mainPrompt	String	text to display for the main prompt
signaturePad	mainText	String	text to display for the main text
signaturePad	question1Text	String	label for the first question
signaturePad	answer1Text	String	default answer to the first question; user can overwrite
signaturePad	question2Text	String	label for the second question
signaturePad	answer2Text	String	default answer to the second question; user can overwrite
signaturePad	question3Text	String	label for the third question
signaturePad	answer3Text	String	default answer to the third question; user can overwrite
signaturePad	question4Text	String	label for the forth question
signaturePad	answer4Text	String	default answer to the forth question; user can overwrite
signaturePad	question5Text	String	label for the fifth question
signaturePad	answer5Text	String	default answer to the fifth question; user can overwrite
signaturePad	echoPrompt	String	text to display for the echo prompt
signaturePad	echoText	String	text to display for the signer to echo
signaturePad	buttonPrompt	String	text to display before the accept and reject buttons
signaturePad	acceptText	String	text to display on the accept button
signaturePad	rejectText	String	text to display on the reject button
signaturePad	readonly	String	a comma delimited list of the answers that should be read-only. This is written as answer_n. For example, answer₁, answer₂, and so on.
signaturePad	startText	String	text to display on the button that starts the signature capture
signaturePad	endText	String	text to display on the button that ends the signature capture
signaturePad	penColor	String	the color to use when drawing the signature on the screen. This is either a color name or a comma separated list of RGB values.
signaturePad	backgroundColor	String	the color to use for the background of the signature graphic. This is either a color name or a comma separated list of RGB values.
Silanis	lock	on	sets the signature to lock all signed data. This prevents the user from changing data once it has been signed. By default, all signature types lock the data.
Silanis	lock	off	prevents the signature from locking the data. This means users will be able to change signed data. Note that changes to signed data will still break the signature.

Example

This example shows a button configured for a CryptoAPI signature.

   <button sid="empSigButton">
      <type>signature</type>
      <value compute="signer"></value>
      <signer></signer>
      <format>
         <datatype>string</datatype>
         <constraints>
            <mandatory>on</mandatory>
         </constraints>
      </format>
      <signformat>         application/vnd.xfdl;
         csp="Microsoft Base Cryptographic Provider v1.0";
         csptype=rsa_full; hashalg=sha1
      </signformat>
      <signoptions>
         <filter>omit</filter>
         <optiontype>triggeritem</optiontype>
         <optiontype>coordinates</optiontype>
      </signoptions>
      <signitemrefs>
         <filter>omit</filter>
         <itemref>PAGE1.mgrSigButton</itemref>
         <itemref>PAGE1.admSigButton</itemref>
         <itemref>PAGE1.empsignature</itemref>
         <itemref>PAGE1.mgrsignature</itemref>
         <itemref>PAGE1.admsignature</itemref>
      </signitemrefs>
   <!-- The items listed previously MUST have itemlocation
   options with absolute and extent as the last
   settings in order for the filter under to
   be sufficient in terms of security -->
      <signoptionrefs>
         <filter>keep</filter>
         <optionref>PAGE1.mgrSigButton.itemlocation</optionref>
         <optionref>PAGE1.admSigButton.itemlocation</optionref>
         <optionref>PAGE1.empsignature.itemlocation</optionref>
         <optionref>PAGE1.mgrsignature.itemlocation</optionref>
         <optionref>PAGE1.admsignature.itemlocation</optionref>
      </signoptionrefs>
      <signature>empsignature</signature>
   </button>

This example shows a button configured for a Clickwrap signature.

   <button sid="empSigButton">
      <type>signature</type>
      <value compute="signer"></value>
      <signer></signer>
      <format>
         <datatype>string</datatype>
         <constraints>
            <mandatory>on</mandatory>
         </constraints>
      </format>
      <signformat>application/vnd.xfdl; 
         engine="ClickWrap"; hashalg="md5";
         titleText="Document Acceptance";
         echoPrompt="Type the following:"; 
         echoText="I agree";question1Text="Name:";
         question2Text="Employee ID #:"
      </signformat>
      <signoptions>
         <filter>omit</filter>
         <optiontype>triggeritem</optiontype>
         <optiontype>coordinates</optiontype>
      </signoptions>
      <signitemrefs>
         <filter>omit</filter>
         <itemref>PAGE1.mgrSigButton</itemref>
         <itemref>PAGE1.admSigButton</itemref>
         <itemref>PAGE1.empsignature</itemref>
         <itemref>PAGE1.mgrsignature</itemref>
         <itemref>PAGE1.admsignature</itemref>
      </signitemrefs>
      <!-- The items listed previously MUST have itemlocation
      options with absolute and extent as the last
      settings in order for the filter under to
      be sufficient in terms of security -->
      <signoptionrefs>
         <filter>keep</filter>
         <optionref>PAGE1.mgrSigButton.itemlocation</optionref>
         <optionref>PAGE1.admSigButton.itemlocation</optionref>
         <optionref>PAGE1.empsignature.itemlocation</optionref>
         <optionref>PAGE1.mgrsignature.itemlocation</optionref>
         <optionref>PAGE1.admsignature.itemlocation</optionref>
      </signoptionrefs>
      <signature>empsignature</signature>
   </button>

Usage details

An XFDL Viewer automatically copies the signformat option from a signature button to its associated signature item.
signformat is an optional setting for a button item, but is mandatory for a signature item.