Digital Signatures in InfoPath 2010

A digital signature is conceptually the same as a written signature that is applied to paper documents. A digital signature is used to authenticate the signer and the signed digital information (such as form templates, e-mail messages, and documents) by using computer encryption.

In this article


What is a digital signature?

Digital signatures help to establish the following:

  • Authenticity    The digital signature helps to assure that the signer is who he or she claims to be.
  • Integrity    The digital signature helps to assure that signed content has not been changed or tampered with since its digital signature was applied.
  • Non-repudiation    The digital signature helps prove the origin of the signed content to all parties. Repudiation refers to the act of a signer denying any association with the signed content.

A digital certificate is required to apply a digital signature to either a Microsoft InfoPath form or an InfoPath form template. You can obtain a digital certificate through a commercial certification authority or from your internal security administrator.

Digital signatures can be applied to InfoPath forms and to the InfoPath form templates they are based on.

Top of Page Top of Page

Digital signatures for InfoPath forms

Digital signatures can be applied to forms that are filled out in Internet Explorer and in InfoPath. As a form designer, you specify the data to be signed and configure the methods and controls through which users add their signatures. After a form is signed, either the form or the part of the form that was signed cannot be altered without invalidating the signature.

Apply a digital signature to a form

InfoPath lets the form designer specify whether all, or only parts, of the form are digitally signed when signatures are applied. There are a few ways to go about doing this, and your choice as a designer should be based on both the user experience that works best for your users and the experience that is available to your users when they go to apply the signature. There are three interfaces through which users can apply a digital signature, and each of these interfaces can be configured to apply a partial or full-form digital signature.

Section control

The Section control can be used to apply digital signatures in Internet Explorer and in InfoPath Filler. The easiest way to configure a Section control to apply a digital signature is through the Section Properties dialog.

  1. On the form template, place the cursor where you want to insert the control.
  2. From the Home tab, in the Controls group, click the Section control.
  3. Repeat the previous two steps, as necessary, to add any additional controls that you want users to sign to the Section control area.

 Note    When applying a digital signature, users sign the data saved in these controls.

  1. Select the Section control.
  2. From the Properties tab, in the Properties group, click the Control Properties button.
  3. Check the Allow users to digitally sign this section check box.
  4. Select Add data that can be signed from the list.
  5. Most often, the default values in the Set of Signable Data dialog are correct. Only advanced users should change these values.
  6. Click OK to close the Set of Signable Data dialog.
  7. Click OK again to close the Section Properties dialog.

The Section control is most often used to apply digital signatures to parts of a form. It can, however, also be used to apply signatures to an entire form. When using a Section control to apply a digital signature to an entire form, it is best to add all of the controls in your form to the section.

 Note    Section signing is supported in Internet Explorer and in the InfoPath Filler.

Signature Line control

The Signature Line control is used to apply digital signatures to forms filled out in the InfoPath Filler and defaults to signing the entire form. Most often, you can simply add the Signature Line control to an appropriate location on the form (usually at the bottom), and there are no further settings to configure. However, the Signature Line control can be configured to allow users to sign a form using an image or to only sign parts of a form.

Setting the Signature Line control to use an image signature is most often used with Hanko stamps, which are commonly used in Japan. To configure the Signature Line control to use an image for digital signatures:

  1. On the form template, place the cursor where you want to insert the control.
  2. From the Home tab, in the Controls group, click the Signature Line control.
  3. Select the Signature Line control.
  4. From the Properties tab, in the Properties group, click the Control Properties button.
  5. In the Signature Line Properties dialog, click the Advanced tab.
  6. In the Appearance section, click Show stamp.
  7. Click OK.

To configure the Signature Line control to sign only a part of the form:

  1. On the form template, place the cursor where you want to insert the control.
  2. From the Home tab, in the Controls group, click the Signature Line control.
  3. Select the Signature Line control.
  4. From the Properties tab, in the Properties group, click the Control Properties button.
  5. In the Signature Line Properties dialog, click the Advanced tab.
  6. In the Specify what parts of the form to sign section, click the Modify button.
  7. Specify the set of signable data using the Select a Field or Group Picker.
  8. Click OK to close the Set of Signable Data dialog.
  9. Click OK again to close the Section Properties dialog.

 Note    The Signature Line control is only available when you are designing a InfoPath 2010 Filler form and is not supported in Web browser forms. Also, the Signature Line control enables InfoPath to support the Collect Signatures - SharePoint 2010 workflow. The Collect Signatures – SharePoint 2010 workflow routes a Microsoft Office document that is saved to a list or library to a group of people to collect their digital signatures.

The Backstage view

The Microsoft Office Backstage view is used to apply digital signatures both in parallel to using Section and Signature line controls and in the absence of any signature controls. It is, however, most often used in the absence of a signature line control when you do not want one on the surface of your form.

To use the Backstage view to collect a digital signature in the absence of any signature controls, you must first enable digital signatures for the form and specify the set of data that users sign.

  1. Click the File tab.
  2. Click Form Options.
  3. Under Category, click Digital Signatures, and then select Allow signing parts of the form.
  4. Click Add.
  5. Enter the name for the data that will be signed, without any spaces, in the first text box.
  6. To the right of the Fields and Groups to be signed text box, click the Select XPath icon.
  7. In the Select a Field or Group dialog, click the field or group for which you want to enable digital signatures.
  8. Click OK.

 Note    The Backstage view is a client-only feature. As a result, it can only be used to apply digital signatures to forms that are filled out using InfoPath Filler.

Add multiple signatures to a form

When designing a form template, you can also specify whether users are allowed to add multiple digital signatures to a form and whether those signatures should be co-signed (each signature is independent of the other signatures) or counter-signed (each signature signs the form, as well as the signatures that precede it). You can configure multiple signatures by using either the Section control or a Signature Line control, as follows:

Section control

  1. Select the Section control then, from the Properties tab, in the Properties group, click the Control Properties button.
  2. Click the Digital Signatures tab.
  3. Select the Allow users to digitally sign this section check box.
  4. Click the Modify button.
  5. Select the appropriate option from the Signature options section.
  6. Click OK.
  7. Click OK to close the Section Properties dialog.

Signature Line control

  1. On the form template, place the cursor where you want to insert the control.
  2. From the Home tab, in the Controls group, click the Signature Line control.
  3. Select the Signature Line control.
  4. From the Properties tab, in the Properties group, click the Control Properties button.
  5. Click the Advanced tab.
  6. Click the Modify button.
  7. Select the appropriate option from the Signature options section.
  8. Click OK.
  9. Click OK to close the Section Properties dialog.

Specifying a confirmation message to display when a signature is applied

You can also specify a confirmation message to show the user when a digital signature is applied. To specify a confirmation message:

Section control

  1. Select the Section control.
  2. From the Properties tab, in the Properties group, click the Control Properties button.
  3. Click the Digital Signatures tab.
  4. Select the Allow users to digitally sign this section check box.
  5. Click the Modify button.
  6. Select the appropriate option from the Signature options section.
  7. Enter the desired message in the Signature confirmation message box.
  8. Click OK to close the Set of Signable Data dialog.
  9. Click OK to close the Section Properties dialog.

Signature Line control

  1. On the form template, place the cursor where you want to insert the control.
  2. From the Home tab, in the Controls group, click the Signature Line control.
  3. Select the Signature Line control then, from the Properties tab, in the Properties group, click the Control Properties button.
  4. On the General tab, set the message in the Message that signers will see before signing box.
  5. Click OK.

Disable digital signatures

Complete the following steps to disable digital signatures for a form:

  1. Click File then, click Form Options.
  2. Under Category, click Digital Signatures.
  3. Click Do not allow signing the form.

Top of Page Top of Page

Digital signatures for InfoPath form templates

In addition to enabling digital signatures so that users can sign forms that are based on your form template, you can also digitally sign the form template that you design. Digitally signing a form template authenticates you as the designer of the form template in the same way that a digital signature on a form authenticates you as the user who filled out the form.

Adding a digital signature to a form template also enables the form template to operate at the Full Trust level. For example, a form template that contains managed code that uses the Full Trust level of security must either be installed on a user's computer or digitally signed by the form template designer so that it can be used remotely.

 Note    If a form template was designed based on an XML Schema, you can enable digital signatures for that form template only if the XML Schema has a node that is in the World Wide Web Consortium (W3C) XML digital signature namespace.

To digitally sign a form template, complete the following steps:

  1. Click the File tab.
  2. Click Form Options.
  3. Click Security and Trust.
  4. Select the Sign this form template check box.
  5. Click Select Certificate.
  6. In the Select Certificate dialog box, click the certificate that you want to digitally sign the form template with.
  7. Click OK.

 Note    If a certificate is not trusted on a user's computer, InfoPath displays a security message and requires the user to enable trust for the certificate issuer before the user can open a form based on your form template.

Top of Page Top of Page

Considerations

  • Lifetime of an InfoPath form digital signature

The digital certificate used to apply a digital signature has an expiration date. When the certificate expires, any digital signatures applied with that certificate is treated as invalid. InfoPath 2010 supports the Office 2010 XAdES-T implementation to address this issue for InfoPath form signatures. For more information on digital signature lifetimes and using XAdES, see Digital Signatures in Office 2010.

  • InfoPath form template signatures

As with form signatures, the digital certificate used to sign a form template also has an expiration date. However, InfoPath 2010 does not provide a mechanism for applying XAdES metadata to a form template. When a digital signature is applied to a form template, the publisher should plan to renew the digital signature using SignTool before the digital certificate expiration date.

  • Security

Digital signatures are only as secure as the cryptographic algorithms they use to ensure signed data hasn't been tampered with. For an introduction to digital signature security in InfoPath 2010, see Digital Signature Support in InfoPath 2010.

Top of Page Top of Page

 
 
Applies to:
InfoPath 2010