signature (item)

It is created by a form viewer or other program when a user signs a form (usually using a signature button). The signature item contains an encrypted hash value that makes it impossible to modify the form without changing the hash value that the modified form would generate. To verify, one can generate the hash value and then see if it matches the one in the signature.

Available options

colorinfo, excludedmetadata, fullname, itemnext, itemprevious, layoutinfo, mimedata, signature, signdatagroups, signdetails, signer, signformat, signgroups, signinstances, signitemrefs, signitems, signnamespaces, signoptionrefs, signoptions, signpagerefs

Example

This example shows a signature item under the signature button that created it.

   <button sid="empSigButton">
      <type>signature</type>
      <value compute="signer"></value>
      <signer>Jane D Smith, jsmith@insurance.com</signer>
      <format>
         <datatype>string</datatype>
         <constraints>
            <mandatory>on</mandatory>
         </constraints>
      </format>
      <signformat>application/vnd.xfdl;
         csp="Microsoft Base Cryptographic Provider v1.0"; 
         csptype=rsa_full;hashalg=sha1
      </signformat>
      <signoptions>
         <filter>omit</filter>
         <optiontype>triggeritem</optiontype>
         <optiontype>coordinates</optiontype>
      </signoptions>
      <signitemrefs>
         <filter>omit</filter>
         <itemref>PAGE1.mgrSigButton</itemref>
         <itemref>PAGE1.admSigButton</itemref>
         <itemref>PAGE1.empsignature</itemref>
         <itemref>PAGE1.mgrsignature</itemref>
         <itemref>PAGE1.admsignature</itemref>
      </signitemrefs>
      <signature>empsignature</signature>
   </button>
   ...
   <signature sid="empsignature">
      <signformat>application/vnd.xfdl;
         csp="Microsoft Base Cryptographic Provider v1.0";
         csptype=rsa_full;hashalg=sha1
      </signformat>
      <signer>Jane D Smith, jsmith@insurance.com</signer>
      <fullname>
         "Verisign, Inc.", Verisign Trust Network, 
         "www.verisign.com/repository/RPA Incorp. by 
         Ref.,LIAB.LTD(c)98", Persona Not Validated, 
         Digital ID Class 1 - Microsoft, Jane D 
         Smith, jsmith@insurance.com
      </fullname>
      <signature>PAGE1.empsignature</signature>
      <signitemrefs>
         <filter>omit</filter>
         <itemref>PAGE1.mgrSigButton</itemref>
         <itemref>PAGE1.admSigButton</itemref>
         <itemref>PAGE1.empsignature</itemref>
         <itemref>PAGE1.mgrsignature</itemref>
         <itemref>PAGE1.admsignature</itemref>
      </signitemrefs>
      <!-- The items listed previously MUST have itemlocation options with
         absolute and extent as the last settings in order for the filter
         to be sufficient in terms of security -->
      <signoptionrefs>
         <filter>keep</filter>
         <optionref>PAGE1.mgrSigButton.itemlocation</optionref>
         <optionref>PAGE1.admSigButton.itemlocation</optionref>
         <optionref>PAGE1.empsignature.itemlocation</optionref>
         <optionref>PAGE1.mgrsignature.itemlocation</optionref>
         <optionref>PAGE1.admsignature.itemlocation</optionref>
      </signoptionrefs>
      <signoptions>
         <filter>omit</filter>
         <optiontype>triggeritem</optiontype>
         <optiontype>coordinates</optiontype>
      </signoptions>
      <mimedata encoding="base64">
         MIIFMgYJKoZIhvcNAQcCoIIFIzCCBR8CAQExDzANBgkgAQUFADALB\ngk
         qhkiG9w0BBwGgggQZMCA36gAwSRiADjdhfHJl6hMrc5DySSP+X5j\nANf
         BGSOI\n9w0BAQQwDwYDVQQHEwhJbn<Rlcm5ldDEXMBUGA1UEChM\nOVmV
         yaVNpZ24sIEluYy4xNDAKn1ZlcmlTaWduIENsYXNzIDEgQ0Eg\nLSJbmR
         dWFsIFN1YnNjcmliyZXIwHhcNOTgwMTI3MwMDAwOTgwM\M1OTU5WjCCAR
         ExETA
      </mimedata>
   </signature>

Usage details

1. When a user signs a form using a signature button, the viewer creates the signature item as specified in the button's signature option. The viewer also associates the signature with the signature button, using the signature's signature option.
2. When a user signs a form, the signer, signformat, signgroups, signitemrefs, signitems, signnamespaces, signoptionrefs, and signoptions options are copied from the button description to the signature description.
3. While signformat is not mandatory for button items, it is mandatory for signature items.
4. A copy of the XFDL description of the form or portion of the form that is signed is included in the signature's mimedata option. This data is encrypted using the hash algorithm specified in the button's signformat option.
5. signatures always filter out the mimedata option for their own signature item, regardless of the signature filter settings. This is done because the mimedata is not populated with the signature information until after the signature has been applied. (In other words, the signature can't include itself because it hasn't been generated yet.)
6. When a program checks a signed form, it compares the data in the mimedata option with that of the portion of the form that is apparently signed. If the descriptions match, then the signature remains valid. If the signatures do not match, the signature breaks, and the user is prompted.
7. An attempt to create a signature will fail if:
   • The item named by the signature button's signature option already exists.
   • The signature button is already signed by any signature in the form.
   • The signer's private key is unavailable for signing.
8. Filters can be used to indicate which items and options to keep and to omit. The explicit and implicit settings of an existing filter take precedence over an implication that might be drawn from a non-existing filter. Set up these filters in the signature button description.
9. To use certain types of digital signatures (CryptoAPI or Netscape, for example), it is necessary for the user to obtain a digital signature certificate. Other types of digital signatures require the user to have a pen/pad device installed on the user's computer.