Digitally Signing Data in InfoPath 2003
Summary: Learn about the digital signatures features in Microsoft Office InfoPath 2003 Service Pack (SP) 1, and also additions to the InfoPath object model for working with digital signatures programmatically. (39 printed pages)
Mihaela Cris, Mark Roberts, Microsoft Corporation
August 2004
Applies to: Microsoft Office InfoPath 2003, Microsoft Office InfoPath 2003 Toolkit for Visual Studio .NET
Contents
Digital Signatures Overview
Valid Digital Certificates for Signing Data in InfoPath Forms
Defining Counter-Signatures and Co-Signatures
Designing InfoPath Forms with Digital Signatures
Understanding the Digital Signature Status and Verification Process
Verify Digital Signature Dialog Box and Nonrepudiation Data
Using the InfoPath Object Model to Work with Forms Configured for Signing Data
Code Samples
Conclusion
Additional Resources
Digital Signatures Overview
Many business and organizational scenarios require the ability to protect and track valuable data exchanged through documents. Information about who creates the document, and how, when, and by whom certain data is approved is invaluable to readers and contributors to the document. This information reveals how the document was modified during its lifetime, and provides those who worked on the document with a method for certifying their contributions. Microsoft Office InfoPath 2003 SP 1 provides a way to add and track this kind of information by using digital signatures in documents and data created and managed with InfoPath forms.
Digital signatures provide a standards-based method for helping to secure and certify all or specific parts of a document. By using digital certificates, encryption technologies, and other elements of the public key infrastructure, digital signatures provide a way to detect whether sensitive information has been tampered with and to confirm that the data originating from the signer has not been altered since it was signed. For information on how digital signature technology is implemented in the Microsoft Windows platform, see Digital Signatures. For information on digital certificates, see Digital Certificates.
You can use digital signatures in InfoPath 2003 SP 1 to do the following:
Digitally sign the form template (.xsn) file to help ensure the integrity and authenticity of the form template.
Digitally sign data when filling out XML forms, to help ensure the integrity and authenticity of the data, and to provide support for the nonrepudiation of the signatures and the signed data.
This article focuses on the second application of digital signatures: designing form templates that allow users to digitally sign the data in an entire form or parts of the form as they fill them out. For more information, see Digitally code-sign a form template.
The digital signatures infrastructure for signing data in InfoPath forms follows the Worldwide Web Consortium (W3C) XML-Signature Syntax and Processing recommendation (XML Signatures). The infrastructure is based on support from Microsoft XML Core Services (MSXML) 5.0 for Microsoft Office. XML Signatures is designed for transactions that involve XML documents and data. A powerful feature of XML Signatures is the ability to sign only specific sets of data within an XML document. For more information, see W3C XML-Signature Syntax and Processing. For more information on how XML Signatures are implemented in MSXML 5.0, see XML Digital Signatures.
The digital signatures InfoPath creates also provide interoperability with the classes that Microsoft .NET Framework 1.1 provides for working with digital signatures. Applications that use the .NET Framework signature verification classes can verify the signatures that InfoPath creates. Similarly, the InfoPath digital signatures infrastructure can successfully verify digital signatures created by applications that use the .NET Framework digital signatures classes when the signatures are applied to data hosted in InfoPath forms. For more information and code samples, see Adding Digital Signatures to Form Data in InfoPath 2003 Using MSXML 5.0 or .NET Framework Managed Code.
In addition to the user interface commands and features for designing and editing forms that enable digital signing of data, InfoPath provides programmability support for digital signatures. For example, InfoPath allows access to the sets of signable data defined in the form, to the signatures associated with each set of signed data, and to the digital certificates used to create the signatures. You can customize the OnSign event handler in fully trusted forms, thus providing support for advanced processing of digital signatures in InfoPath forms.
This article provides conceptual, procedural, and programming information on the following InfoPath data signing features:
The kinds of digital certificates that are valid for signing data in InfoPath forms.
The difference between co-signing and counter-signing data.
How to design and configure forms to enable digital signatures, and how users of InfoPath forms work with digital signatures.
An overview of the object model for extending and working with digital signatures in InfoPath form code, and examples of how to customize the OnSign event handler for forms you configure for signing data.
Note
The digital signatures features described in this article require InfoPath 2003 with Microsoft Office 2003 Service Pack 1 or later. For information on downloading Office 2003 updates, see the Office Online Downloads page.
Valid Digital Certificates for Signing Data in InfoPath Forms
Not all digital certificates can be used to sign data in InfoPath forms. For a certificate to be valid, it must be an X.509 digital certificate with the following set of characteristics:
The Key Usage attribute value must include Digital Signature or Non-Repudiation. While certificates with the value set to Digital Signature or Both can be used to sign, certificates with the value set to Exchange cannot be used to sign data in InfoPath forms.
The certificate must not be expired or revoked, and the date of issue must be in the past.
The certificate must be associated with a private key on the user's computer.
To be trusted, the certificate authority that issued the certificate must be in the Trusted Root Certification Authorities store on the user's computer.
Note
Installed digital certificates that are not trusted are available, and can be used to sign data in InfoPath forms, even though they create a signature that is not trusted. However, the signature becomes valid once the certificate authority that issued the certificate is added to the Trusted Root Certification Authorities store on a user's computer.
Viewing and Managing Digital Certificates
You can view and manage the digital certificates stored on a computer.
To view and manage digital certificates
In Windows XP or Windows 2000, on the Start menu, click Run.
In the Open box, type MMC, and then click OK.
On the File menu, click Add/Remove Snap-in.
In the Add/Remove Snap-in dialog box, click Add.
In the Add Standalone Snap-in dialog box, click Certificates, and then click Add.
In the Certificates snap-in dialog box, click My user account, and then click Finish.
In the Add Standalone Snap-in dialog box, click Close.
In the Add/Remove Snap-in dialog box, click OK.
Certificates that InfoPath can use for signing data become a subset of the certificates installed in the Personal folder. The certificates of trusted certification authorities are installed in the Trusted Root Certification Authorities folder.
Requesting a Digital Certificate from the Certificates Snap-in
You can request a digital certificate if your company or organizational intranet is configured to provide digital certificates from the Certificates Snap-in.
To request a digital certificate from the Certificates Snap-in
Open the Certificates Snap-in.
Right-click the Personal folder, point to All Tasks, and then click Request New Certificate.
Requesting a Digital Certificate from a Windows Server 2003 Certificate Authority
You can request a digital certificate if your company or organizational intranet is configured to provide digital certificates from a Microsoft Windows Server 2003 Certificate Authority.
To request a digital certificate from a Microsoft Windows Server 2003 Certificate Authority
Open the Microsoft Certificate Services Web page (request this information from your system administrator).
Click Request a certificate, and then click advanced certificate request.
Click Create and submit a request to this CA.
On the Advanced Certificate Request page, fill in the requested information, making sure to specify the Key Usage value as Signature or Both.
Click Submit, and then click Install this certificate.
If the certificate for the issuing certificate authority (CA) is not already in your Trusted Root Certification Authorities folder, you are prompted to add the CA to this folder. Click Yes.
You can also obtain a digital certificate from a certification authority such as VeriSign, Inc., Entrust, or GlobalSign, or from your system administrator.
Defining Counter-Signatures and Co-Signatures
When you set up specific parts of data for signing in a form that you create with InfoPath 2003 SP 1, you can choose to configure the digital signatures as either co-signatures or counter-signatures. Additionally, you can restrict the number of signatures to allow only one. When you configure digital signatures for the entire form, by default, optional counter-signatures can follow the initial signature. It is possible to allow only one signature when you configure a form for signing the entire form, but this requires writing custom code in the OnSign event hander.
Co-signing is the action of allowing two or more parallel and independent signatures on the same set of data. The status of any co-signature does not affect the status of other co-signatures or prevent the addition of other signatures to the same set of data. Along with each signature, InfoPath stores some additional data, such as comments and non-repudiation data, in the Signature element of the document. If the signed data in the form is tampered with, all co-signatures associated with that set of data become invalid. If the data in the Signature element, such as the nonrepudiation data or the comments associated with it, is tampered with, then only that signature becomes invalid. When using co-signatures for a specific set of signed data, any signature in the list of co-signatures can be deleted at any time without affecting the other signatures. Additionally, InfoPath allows adding new co-signatures, even if the status of a previously added signature is other than Valid.
Counter-signing is the action of signing data that includes another signature. Counter-signing requires that signatures have a precise sequence in which they can be deleted without invalidating the other signatures. Adding the first signature to a set of data signs the data itself. Adding a second signature does not sign the data in the form, but instead signs the first signature. Each additional counter-signature signs the previous signature. If the signed data itself is tampered with, only the first signature in the list becomes invalid; the status of the rest of the counter-signatures remains unchanged. If the data stored with a particular signature (in the Signature element) is tampered with, such as the comments or nonrepudiation information for that signature, then that signature and the following signature become invalid. For a specific set of signable data, only the last signature in the list can be deleted without affecting any of the others. For a set of signable data configured for counter-signatures, no other signatures can be added after a signature with the status other than Valid. That signature must be deleted before additional counter-signatures can be added.
Table 1 summarizes the functionality associated with co-signatures and counter-signatures in InfoPath 2003 SP 1.
Table 1. Types of Signatures and their Relationships in InfoPath 2003 SP 1
| Signature relationship | Co-signatures | Counter-signatures | Allow only one signature |
|---|---|---|---|
Signing the entire form |
No |
Yes |
Not from the user interface, but you can limit to one signature by customizing the OnSign event. |
Signing a part of the form |
Yes |
Yes |
Yes |
Can have additional signatures when the status of a signature in the list is Invalid |
Yes (after a warning) |
No |
No |
Can have additional signatures when the status of a signature in the list is Error |
Yes (after a warning) |
No |
No |
Can have additional signatures when the status of a signature in the list is Revoked |
Yes (after a warning) |
No |
No |
Can have additional signatures when the status of a signature in the list is Not Trusted |
Yes |
Yes (after a warning) |
No |
Can have additional signatures when the status of a signature in the list is Expired |
Yes |
Yes (after a warning) |
No |
Designing InfoPath Forms with Digital Signatures
InfoPath 2003 SP 1 allows users either to sign all of the data in a form when they edit it, or to sign parts of the data in the form. You can implement these features when you design your InfoPath form templates, and you can customize the XPath expression with which you specify a set of signable data.
Enabling Digital Signatures for the Entire Form
When you enable digital signatures for an entire form, the form users must enter all the data they require before they sign the form. After the first signature is added, all controls in the form and the form's XML Document Object Model (DOM) become read-only, and the text [Signed] appears in the title bar. Other users who open the form cannot enter data; they can only add, remove, or verify counter-signatures.
Signing the form locks all the data in the form, including data that does not appear in any of the views. This data includes the form header, which specifies the path to the form template. Because the form template path is signed, changing the path to the form template specified in the signed XML form (for example, to correct the path after moving the form template) invalidates the first signature, while any counter-signatures remain valid. If your usage scenario involves moving the form template, you can avoid invalidating any signatures by including all of the form data in a single section and defining this section as a set of signable data that uses counter-signatures. This approach not only solves the template location problem but also supports the features specific to partial signatures. These features include the in-document display of digital signatures and the ability to specify which controls are disabled when the data is signed.
Configuring digital signatures for the entire form has the following consequences and features:
The form's header node is included in the data.
Only counter-signatures are supported.
You can define an optional prompt that appears if the user does not sign the form before submitting it.
InfoPath stores all signatures in a signatures container node, which is a child of the root node.
To limit users to only one signature when signing the entire form, you can customize the OnSign event. For more information and sample code, see Limiting the Number of Signatures in a SignedDataBlock Object.
To enable digital signatures for the entire form
On the Tools menu, click Form Options.
On the Digital Signatures tab, select Enable digital signatures for the entire form (Figure 1).
Optionally, you can select the Prompt user to sign a form if it is submitted without a signature check box, and then enable Submit commands and other settings. Note that this option only provides a prompt; it does not actually prevent submitting, if the user chooses not to sign the form.
Figure 1. Enabling digital signatures for the entire form
.gif)
Enabling Digital Signatures for Parts of the Form
When you enable digital signatures for parts of the form, the signatures apply only to specific data in the form. To enable digital signing for specific data in the form, you must define a set of signable data. Each part of the form that requires signing must be associated with a set of signable data.
The InfoPath user interface provides two ways to enable digital signatures for parts of the form: by using the Form Options dialog box or by using the Section Properties dialog box (applies only to Section or Optional Section controls). You can use either method to specify signing for a set of data; the difference is in the way InfoPath displays the signatures in the form view and in the way the controls become disabled by default when signed.
You can enable digital signatures for specific data in the form for individual controls or for a group of controls. The control or group of controls can be in a container such as a section or optional section.
The following limitations apply to digital signatures enabled for parts of a form:
By default, the InfoPath digital signatures infrastructure does not support enabling digital signatures for an individual item in a repeating element; a user can only sign the entire element. For example, if you enable digital signatures for a section or control within a repeating section, adding a digital signature to one of the repeating items signs all items in the section.
The first time you switch settings from signing the entire form to signing specific data in the form (by using the Digital Signatures tab on the Form Options dialog box), InfoPath saves the change but does not display it in design mode. Although users can sign the form when they fill it out, the form appears in design mode as if signatures are not defined. To display the change in design mode, you must repeat the operation for configuring digital signatures for specific data in the form.
Enabling Signatures for Parts of the Form with the Form Options Dialog Box
You can use the Digital Signatures tab on the Forms Options dialog box to enable digital signatures for parts of the form and to create the specifications for sets of signable data (Figure 2).
Figure 2. Enabling digital signatures for parts of the form
.gif)
Note
With the Digital Signatures tab on the Form Options dialog box, you can add, remove, and modify sets of signable data. It is the only user interface element with which you can delete the definitions of sets of signable data and change the mode for digitally signing data to signing the entire form, to signing sets of data, or to no signing whatsoever. You can only use the Section Properties dialog box to change from signing the entire form to signing sets of data. After you remove the definition for the last set of signable data from the Data in the form that can be signed list, you must explicitly select the Do not enable digital signatures option before you can close the dialog box.
To enable digital signatures for part of the form by using the Form Options dialog box
On the Tools menu, click Form Options.
On the Digital Signatures tab, click Enable digital signatures for specific data in the form.
Click Add to define a set of signable data.
In the Set of Signable Data dialog box (see Figure 3), set all the attributes necessary to uniquely associate the specification for the set of signable data with the data that you want users to sign.
The specification for a set of signable data must include the following:
A unique name.
An XPath expression that defines the form data to be signed. For more information, see Specifying the XPath Expression for a Set of Signable Data.
The container node where InfoPath is to store all signature data.
The relationship between the signatures that can sign the set of data.
The message InfoPath displays to users before they add a signature.
The relationship between signatures on the set of signable data (Signature options) can be one of the following:
Allow only one signature.
All signatures are independent (co-signatures).
Each signature signs the preceding signatures (counter-signatures), or more explicitly, the first signature signs the data, and any subsequent signature signs the previous signature.
Figure 3. Set of Signable Data dialog box
.gif)
To enable signatures for parts of a form, you must define at least one set of signable data, and you can define as many sets of signable data as you need.
InfoPath disables the ability to specify a group in which to store signatures in form templates that were not created with an open schema. For such templates, InfoPath creates the signature container node automatically and adds it to the schema that InfoPath autogenerates during form design. To specify this setting for a form template that was created with an open schema, you must start your form template design with a node that has a content model with a wildcard character in the XML Signatures namespace, as follows: "http://www.w3.org/2000/09/xmldsig#"
For a form that you configure for signing sets of data, InfoPath creates one container node for each set of signable data that you define. Each container node contains all signatures that are added to the assigned set of signable data. All signature container nodes are wrapped by another container node that is a child of the root node.
Enabling Conditional Formatting for Digitally Signed Data
When you enable digital signatures for parts of the form by using the Form Options dialog box, InfoPath does not disable the controls specified by the XPath expression defined for the set of signable data when the data is signed, although the associated XML DOM becomes read-only.
Figure 4 shows the message InfoPath displays when a user attempts to edit controls that contain data that is already signed.
Figure 4. Message displayed when user tries to edit data in a signed control
.gif)
For InfoPath to disable a control after it is signed, each control specified by the XPath expression must have a conditional formatting rule that specifies when InfoPath is to disable the control.
To add a conditional formatting rule to a control
Open the Properties dialog box for the control.
On the Display tab, click Conditional Formatting.
Click Add to define a new conditional formatting rule.
In the first drop-down list of the condition definition, click Select Set of Signable Data.
In the Select Set of Signable Data dialog box, select the set of signable data that you want InfoPath to disable after it is signed, and then click OK.
In the second drop-down list of the condition definition, click is signed.
Select Read-only as formatting.
Figure 5 shows the conditional formatting rule added to a set of signable data.
Figure 5. Conditional formatting related to digital signatures in MySignature set of signable data
.gif)
You cannot apply read-only conditional formatting to container controls such as sections or optional sections. You can apply it only to basic controls such as text boxes, check boxes, option buttons, and list boxes. You can, however, apply other types of conditional formatting to sections and optional sections that you configure for digital signing.
Enabling Signatures for Parts of the Form with the Section Properties Dialog Box
You can use the Section Properties dialog box to enable digital signatures for the set of controls contained within a Section or Optional Section control. These two container controls are the only ones that support digital signatures and the only ones you can configure for digital signing directly through their properties dialog boxes. The user interface for several features is available only through the Digital Signatures tab of this dialog box (Figure 6).
With the Section Properties dialog box, you can associate a set of signable data with a section. You can associate a set of signable data that you defined previously, or you can define the signable data when you define the association. With this dialog box, you can also enable one digital signature for all controls in an entire section. By default, all controls contained in the section become read-only when the section is signed. The XPath expression that defines the set of signable data associated with the section also defines the data that is signed when the section is signed. By customizing this XPath expression, you can add additional controls and data to the default set of data that is bound to the controls within the section. For more information, see Specifying the XPath Expression for a Set of Signable Data.
By default, when you use the Section Properties dialog box to enable digital signatures, InfoPath adds conditional formatting to disable editing in all the controls in the section after the data is signed. The When signed, make controls read-only check box controls this feature, and it is selected by default. Any controls you add to the section after you configure the digital signatures settings for the section do not have conditional formatting set, unless you clear and then select the When signed, make controls read-only check box. You can also manually set conditional formatting for individual controls, as described in Enabling Conditional Formatting for Digitally Signed Data.
The When signed, make controls read-only check box has three states:
Selected. All controls that exist in the section when you associate it with the set of signable data become read-only after the first signature is added.
Cleared. All controls that exist in the section when you associate it with the set of signable data remain editable after it is signed. However, the associated XML DOM becomes read-only after the first signature is added. At that point, no user can change any data bound to these controls, and InfoPath displays a warning message if any user attempts to do so.
Unknown. InfoPath cannot determine whether the controls in a section have associated conditional formatting to make them read-only after signing.
Note
After you associate a section with a set of signable data for the first time, InfoPath displays the When signed, make controls read-only check box in the unknown state when you re-open the Digital Signatures tab of the Section Properties dialog box. This happens whether you configure all the controls in the section to have read-only conditional formatting or not. To determine the actual conditional formatting settings for controls within the section, you can preview the form, or you can use the Conditional Format dialog box to examine the conditional formatting settings for each of the controls.
Figure 6. Configuring a section control for digitally signing data
.gif)
Use the Digital Signatures tab of the Section Properties dialog box to:
Enable digital signatures for specific data in the form.
Define a set of signable data and associate it with the section. (If you do so when you have selected Enable digital signatures for the entire form in the Form Options dialog box, InfoPath changes that setting to Enable digital signatures for specific data in the form.)
Associate an existing set of signable data with the section.
Modify an existing set of signable data.
Select the When signed, make controls read-only check box, which adds conditional formatting to all controls in the section.
Select the Show signatures in the section check box to enable user interface icons and text that display in the form to show the digital signatures of the users who signed the section. When you select this check box, then after the section is signed, InfoPath displays an icon and link for each signature. By clicking a signature link, users can display the Verify Digital Signature dialog box that provides details about the signature and about the signed data.
When you use the Section Properties dialog box to associate a section with a set of signable data, InfoPath displays an icon and a Click here to sign this section link below the section when the user edits the form (see Figure 7). When the user clicks this icon or link, InfoPath displays the Digital Signatures Wizard with which the user can select a digital certificate, sign the data, and then verify the signed data.
Figure 7. UI elements that appear when you configure a section for signing data
.gif)
Table 2 summarizes the differences and similarities between enabling digital signatures in the Digital Signatures tab of either the Form Options or the Section Properties dialog box.
Table 2. Differences in Enabling Digital Signatures in the Digital Signatures Tab of the Form Options or Section Properties Dialog Box
| Actions | Form Options Dialog Box | Section Properties Dialog Box | Details |
|---|---|---|---|
Enable digital signatures for specific data in the form |
Yes |
Yes |
Form must have at least one set of signable data. |
Enable digital signature for the entire form |
Yes |
No |
Signs all data in the form, including data that is not bound to controls. |
Disable digital signatures in the form |
Yes |
No |
None |
Add or modify the definition of a set of signable data |
Yes |
Yes |
Use the Set of Signable Data dialog box. |
Remove the definition of a set of signable data |
Yes |
No |
After removing the last set of signable data, manually select the Do not enable digital signatures option. |
Associate a section with a set of signable data, and enable the Click here to sign this section icon and link in the view for signing |
No |
Yes |
XPath expression defines signed controls. |
Remove the association between a section and a set of signable data |
No |
Yes |
Removes only the association and the Click here to sign this section icon and link that appear below the control when editing the form. The definition of the set of signable data remains in the form, and form users can still sign the data by clicking Digital Signatures on the Tools menu or the Digital Signatures button on the Standard toolbar. Also, existing conditional formatting is not modified. |
Show all signatures added to a section during editing |
No |
Yes |
Click the signature to display the Verify Digital Signature dialog box with signature details. |
Make all controls read-only when signed |
No |
Yes (by default, InfoPath makes all controls within a section read-only after the section is signed) |
Use the Properties dialog box to change conditional formatting for individual controls contained within a section. |
Mix read-only controls with editable controls after form is signed |
Yes |
Yes |
Use the Properties dialog box to change conditional formatting for each control. |
Set the name and XPath expression automatically when you define a set of signable data |
No |
Yes (by default, the name and XPath expression are set to the group that is bound to the section) |
None |
Enabling Digital Signatures and Defining Signable Data in a Single Operation
You can enable digital signatures for the controls within a section and define the set of signable data in a single operation.
To enable digital signatures and define the set of signable data
Design a form and add a Section or Optional Section control to the view. By default, the name of the group in the schema associated with this section is groupn, where n is an integer value.
Place all required controls in the section. The elements bound to these controls are children of the group element created in step 1.
Right-click the section, and then click Section Properties.
On the Digital Signatures tab, select the Allow users to digitally sign this section check box.
In the Sign the following data in the form when this section is signed drop-down list, select Add data that can be signed.
In the Set of Signable Data dialog box, define the set of signable data that you want to associate with the section, as follows:
InfoPath provides a default name, but you can provide your own name. Regardless of how the name is defined, it must be unique, or InfoPath does not allow you to define the set of signable data.
InfoPath automatically creates an XPath expression with its value set to the current section by default. Typically, this value is the one you want to use, but you can change it by typing another value (for example, the expression
/my:myFields/my:group1 | /my:myFields/my:MyCustomField1signs the field named "MyCustomField1" together with the section named "group1"). Alternatively, you can create a value by clicking Select XPath and specifying the expression in the Select a Field or Group dialog box. For more information, see Specifying the XPath Expression for a Set of Signable Data.Specify the signature type by using one of three option buttons: Allow only one signature, All signatures are independent (co-sign), or Each signature signs the preceding signatures (counter-sign).
Choose whether to change the value of the default message that InfoPath displays to the user in the Verify Digital Signature dialog box. For more information, see Verify Digital Signature Dialog Box and Nonrepudiation Data.
Click OK.
Set the desired value for the Show signatures in the section check box.
Set the desired value for the When signed, make controls read-only check box.
You can associate an existing set of signable data with a section.
To associate an existing set of signable data with a section
Design a form, and add a section to the view. By default, the name of the group in the schema associated with this section is groupn, where n is an integer value.
Place all required controls in the section. The elements bound to these controls are children of the group created in step 1.
On the Tools menu, click Form Options.
On the Digital Signatures tab, click Enable signature for specific data in the form.
Click Add, and then use the Set of Signable Data dialog box to define the set of signable data you want to associate with the section, as follows:
Provide a unique name that you have not used for any other set of signable data in the form.
Set the value for the XPath expression of the data that form users can sign. Type the XPath expression, or click the Select XPath button and then use the Select a Field or Group dialog box to specify the value of the expression. For more information, see Specifying the XPath Expression for a Set of Signable Data.
Specify the signature type by using one of three option buttons: Allow only one signature, All signatures are independent (co-sign), or Each signature signs the preceding signatures (counter-sign).
Choose whether to change the value of the default message that InfoPath displays to the user in the Verify Digital Signature dialog box. For more information, see Verify Digital Signature Dialog Box and Nonrepudiation Data.
Click OK.
Right-click the section, and then click Section Properties.
On the Digital Signatures tab, select the Allow users to digitally sign this section check box.
In the Sign the following data in the form when this section is signed drop-down list, select the set of signable data defined in step 5.
Set the desired value for the Show signatures in the section check box.
Set the desired value for the When signed, make controls read-only check box.
Specifying the XPath Expression for a Set of Signable Data
You define a set of signable data by specifying an XPath expression that identifies the data to be signed. You specify this XPath expression in the Fields or groups to be signed field in the Set of Signable Data dialog box. You can type this value, or you can click the Select XPath button to create the expression in the Select a Field or Group dialog box.
The XPath expression for a set of signable data follows the specifications of XPath expressions in an XML document. Table 3 shows examples of XPath expressions for signatures.
Table 3. Examples of XPath Expressions for Sets of Signable Data
| XPath expression | Description |
|---|---|
|
Signs the data in the <group1> node, including all child nodes (assuming that group1 is a container node). |
|
Signs the data in the <Name> node. This data can be bound to a text box or other basic control, or it can be the value of an attribute that may or may not be bound to any control in the form. |
|
Signs the data in the <group1> node, including all child nodes, plus the data in the <Name> node. The data in the <Name> node can be bound to a text box or other basic control, or it can be the value of an attribute that may or may not be bound to any control in the form. |
|
Signs everything under the root node; that is, all nodes contained in the form's root node. |
Note
InfoPath does not accept XPath expressions that use axes other than child:: or descendent:: or any expressions that use predicates.
To change or extend the definition of a set of signable data, you can modify the XPath expression that specifies the data to be signed.
To modify the XPath expression for a set of signable data
If you are working with a section, right-click the section and then click Section Properties.
If you are working with a set of data that you defined by using the Form Options dialog box, on the Tools menu, click Form Options.
On the Digital Signatures tab, select the set of signed data, and then click Modify.
In the Set of Signable Data dialog box, edit the XPath expression.
To modify the XPath expression for a set of signable data to enable signing three sections in a form at once.
Add three sections to the form (either Section or Optional Section). By default, InfoPath names the corresponding nodes in the schema as group1, group2, and group3. Add the necessary controls to each section.
On the Tools menu, click Form Options.
On the Digital Signatures tab, select Enable signatures for specific data in the form, and then click Add.
In the Set of Signable Data dialog box, type the name, MultiSectionSignature, and then type the following XPath expression (changing the group names, if you are not using the default names).
/my:myFields/my:group1 | /my:myFields/my:group2 | /my:myFields/my:group3This XPath expression specifies a set of signable data that includes all three sections.
For each of the three section controls bound to the groups in the XPath expression, follow these steps:
Right-click the control, and then click Section Properties.
On the Digital Signatures tab, select Allow users to digitally sign this section, and then select MultiSectionSignature in the drop-down list.
After you perform these steps, you can see the Click here to sign this section icon and link following each of the three sections. When a user signs any one of these sections, all three sections are signed, and the signature appears after each section (assuming you selected the Show signatures in the section check box).
Note
If no association exists between a section and a set of signable data, the drop-down list on the Digital Signatures tab of the Section Properties dialog box selects the first set of signable data in the list. You must choose the correct set of signable data or add a new one. If you accept the default set of signable data, InfoPath displays the signature a user adds to that set of signable data for any other sections associated with that set of data. This is because the user interface display of a signature associated with a section is independent from the XPath expression that defines the data to be signed. You must take care to bind the correct set of signable data to the correct section control, depending on the signing scenario.
If you have not already defined an association between a section control and a set of signable data, the drop-down list on the Digital Signatures tab of the Section Properties dialog box displays the name of the previously associated set of signable data.
Because it is possible to specify data that is not bound to controls for digital signing, a user may be signing data that does not appear in the view. However, the Verify Digital Signature dialog box displays an image that is a snapshot of only the data that was visible in the view when the user added the signature. You should ensure that all significant data that the user is signing appears in the view, so that users can view it when approving the signature in the Verify Digital Signature dialog box. For more information, see Verify Digital Signature Dialog Box and Nonrepudiation Data.
Identifying Signed Data in the View
When a user fills out a form, the user may point to or attempt to select a control or set of controls that contains data that is signed. If this happens, the signed control displays an icon in the upper right corner that indicates that the data bound to that control is locked and cannot be changed. InfoPath does not display this icon if you have configured the entire form for signing; instead, InfoPath disables the entire form. Figure 8 shows the icon indicating that the MySignedData text box control is signed and locked.
Figure 8. Signed text box control
.gif)
Understanding the Digital Signature Status and Verification Process
While editing a form, a user can click Digital Signatures on the Tools menu or the Digital Signatures button on the toolbar to display a list of the digital signatures in the form in the Digital Signatures dialog box. The Status column in the list displays one of the values shown in Table 4 for each signature.
Table 4. Digital Signature Status Values
| Status | Description |
|---|---|
Valid |
The signed data and the attached signature data have not been changed since the data was signed. The signature verification operation was successful. |
Invalid |
The signed data or the attached signature data has been tampered with. |
Error |
The data contained in the Signature element or the signature template itself is malformed, or some other error occurred during verification. In other words, the signature is cryptographically valid, but either it does not conform to the XML Signature standard, or it contains data in a format that InfoPath does not support. |
Revoked |
The digital certificate used to sign the data has been revoked. |
Not Trusted |
The digital certificate used to sign the data is not trusted, because no chain of trust can be identified. |
Expired |
The digital certificate used to sign the data is expired. |
The Status value displayed in the Digital Signatures dialog box results from a combination of the signature status (which can be valid, invalid, error, or unsupported) and the certificate status (which can be valid, error, revoked, not trusted, or expired), where the certificate status takes precedence over the signature status. For example, if the signature status is Valid (the hash of the signature indicates that the signature and the signed data have not been tampered with), but the certificate status is not trusted, InfoPath displays the combined status as Not Trusted. You can work programmatically with the Status property of the Signature and Certificate objects to access the status of the signature or certificate independently. To see a code sample that shows how to do this, see Building a Task Pane for Displaying Information about Digital Signatures.
Figure 9 shows the signature status as displayed in the Status column of the Digital Signatures dialog box.
Figure 9. Signature status displayed in Status column of Digital Signatures dialog box
.gif)
Figure 10 shows a signature status message that InfoPath displays when the user attempts to apply an invalid signature while editing the form.
Figure 10. Invalid signature status message displayed during editing
.gif)
When you click the View Signed Form button in the Digital Signatures dialog box, InfoPath displays the Verify Digital Signature dialog box. This dialog box provides more detailed information about the state of the form when it was signed and the computer on which it was signed. When you click View Certificate, InfoPath displays the Windows Certificate dialog box, which provides details about the certificate used to sign the data.
You can also access the status of the signature or the certificate through the digital signatures object model. For more information, see Using the InfoPath Object Model to Work with Forms Configured for Signing Data.
The InfoPath infrastructure verifies the digital signatures in the form at the following times:
When the user loads the form.
When the user saves the form.
When the user submits the form.
When the user adds a signature to the form.
When InfoPath displays the Digital Signatures dialog box in response to the Digital Signatures command or button, or because InfoPath calls the ShowSignatureDialog method of the UI object.
When InfoPath calls the Sign method of the SignedDataBlock object from the OnSign event handler.
When a user loads your form, if InfoPath cannot identify any of the signatures in the form as valid, it displays a warning message.
When a user edits your form, in the form view, InfoPath replaces the name of an invalid signature with the following text, in red: "There is a problem with this signature".
InfoPath shows digital certificates that have a status of Not Trusted as available for use in signing, but such certificates create signatures that display the Not Trusted status. InfoPath does not show expired or revoked certificates as available for use in signing.
Verify Digital Signature Dialog Box and Nonrepudiation Data
InfoPath stores the following additional nonrepudiation data with the signature and displays it in the Verify Digital Signature dialog box (see Figure 11).
An image of the current view as a Base 64-encoded Portable Network Graphics (.png) file that InfoPath captured when the user created the signature. You can use this image to verify the state of the form as the user saw it when signing.
The status of the signature with details.
Any comments the user added when signing the form.
A message you defined (InfoPath displays this message only when the user is verifying the signature in the next-to-last panel of the Digital Signature Wizard).
Information about the certificate the user used to create the signature. You can see this information by clicking View Certificate in the Verify Digital Signature dialog box.
The system date, time, and time zone when the user signed the data.
The versions of Windows, Microsoft Office, and InfoPath in use when the user signed the form.
The number of monitors and the resolution of the primary monitor.
The form template fingerprint, which is a cryptographic hash value of the form template. InfoPath uses this value to identify any changes a user makes to the form template that may cause the signed data to display differently or have a different meaning. InfoPath does not display this value when you preview the form.
The name of the view that InfoPath displayed to the user when the user added the signature.
The form user signs this nonrepudiation information along with the form data so that any changes to the stored nonrepudiation data invalidate the signature. InfoPath invalidates the form data if anyone tampers with the data in the sp:NonRepudiation element of the underlying XML file after the user signs the data.
If a user loads a signed XML form into a different version of the same form template or a different form template, the signature remains valid as long as no one changes the signed data in the XML file. One of the important roles of the Verify Digital Signature dialog box is to provide information about the view InfoPath presented to the user when the user signed the data. InfoPath provides this information by way of the PNG image and other information that allows InfoPath to re-create an identical view that originates from the same data.
Figure 11. Verify Digital Signature dialog box
.gif)
A form user accesses the Verify Digital Signature dialog box through the following user interface elements:
In the Digital Signatures Wizard, on the last panel of the wizard.
In the Digital Signatures dialog box, by selecting a signature and then clicking View Signed Form.
By clicking a signature InfoPath displays when the user edits the form (if you selected the Show signatures in the section option from the Section Properties dialog box when you designed the form).
InfoPath displays the Verify Digital Signature dialog box automatically, as part of the Digital Signatures Wizard, under the following conditions:
Before the user adds a signature, in the next-to-last panel of the Digital Signatures Wizard. The user must review all data and the image that is to be stored with the signature, select the I have verified this content before signing check box, and then click the Sign button to add the signature to the form. If the user does not want to verify this information, the user can cancel the signing operation.
Immediately after the user adds a signature, to confirm the success of the signing operation.
InfoPath captures the nonrepudiation data when the user creates the signature. In a form template for which you have not defined a custom event handler for the OnSign event, InfoPath creates the signature when the OnSign event occurs, as follows:
When the user clicks Next in the first panel of the Digital Signatures Wizard, after selecting the set of signable data and before the second panel appears in which the user selects the certificate with which to sign.
When the user clicks Click here to sign this section in the view, and before the user selects the certificate with which to sign.
When InfoPath calls the Sign method of the SignedDataBlock object for a specific set of signable data.
When you have defined a custom event handler for the OnSign event, InfoPath captures the nonrepudiation data when the event handler calls the Create method of the Signatures collection in the OnSign event handler.
The nonrepudiation data section is extensible. You can add custom nonrepudiation data to your template, but you must qualify it with a different namespace. For more information, see Adding Custom Data to the Nonrepudiation Data.
Note
InfoPath cannot display the Verify Digital Signature dialog box programmatically, but only through the user interface. The Verify Digital Signature dialog box can display only the default data stored with the signature. InfoPath does not display any additional custom data that it stores with the signature in this dialog box. To program InfoPath to display this information, you can create custom user interface elements, such as views, dialog boxes, or task panes, in your form template.
Using the InfoPath Object Model to Work with Forms Configured for Signing Data
InfoPath 2003 SP 1 provides additions to the InfoPath object model that you can use to work with digital signatures in forms you configure for signing data.
Table 5 summarizes information about the objects, collections, and members you can use to work with digital signatures.
Table 5. Objects and Collections for Working with Digital Signatures
| Object or collection | Description |
|---|---|
SignedDataBlocks |
The collection of the SignedDataBlock objects (sets of signable data) in the form template, as defined in the form definition file (.xsf). The SignedDataBlocks collection implements properties that you can use to access the SignedDataBlock objects you associate with a form. You access the SignedDataBlocks collection through the SignedDataBlocks property of the XDocument object. InfoPath uses the Item method and Count property of the SignedDataBlocks collection to access and count the SignedDataBlock objects in the collection. You can provide a name or index value in your form code that allows InfoPath to use the Item method to access a SignedDataBlock object. |
SignedDataBlock |
Represents a set of signable data in an InfoPath form. The SignedDataBlock object provides the Sign method, which invokes the Digital Signatures Wizard through which a form user can add a digital signature to a set of signable data that the user selects. The SignedDataBlock object provides the following properties:
|
Signatures |
The collection of Signature objects for each set of signable data in the form, represented as a SignedDataBlock object. You access the Signatures collection through the SignedDataBlock object. The Signatures collection provides the Create method (no parameters), which creates a Signature object (gets a snapshot of the view plus additional signature information) without adding it to the form. To add this signature to the form, you program InfoPath to call the Sign method of the Signature object. InfoPath calls the Create method only from the OnSign event handler, which only a fully trusted form template can execute. InfoPath uses the Item method and Count property of the Signatures collection to access and count the Signature objects in the collection. |
Signature |
Represents a digital signature that a form user added to a form or set of signable data in a form. The Signature object provides the Sign method for writing the XML digital signature block and computing the cryptographic hash for the signed data. The Signature object provides the following properties for retrieving information about the digital signature:
|
Certificate |
Represents the X.509 digital certificate with which the form user created the signature. The Certificate object provides the following properties:
To view a code sample that shows how to use the Certificate object to display the properties of a signature, see Displaying Information about a Digital Signature. To view a code sample that shows how to create a task pane that displays information about digital signatures, see Building a Task Pane for Displaying Information about Digital Signatures. |
XDocument |
Represents the underlying XML document of an InfoPath form. The XDocument object provides the IsSigned property, which indicates whether the user digitally signed the form or part of the form, and the SignedDataBlocks property, which returns the collection of sets of signable data you defined in the form. |
UI |
Represents various user interface components that you can use in an InfoPath form. The UI object provides the ShowSignatureDialog method, which displays the Digital Signatures dialog box if you enable digital signatures for the form; otherwise, it returns an error. |
Table 6 summarizes information about the OnSign event and SignEvent object that you use to work with digital signatures.
Table 6. Descriptions of the OnSign Event and SignEvent Object for Working with Digital Signatures
| Item | Description |
|---|---|
OnSign event |
Occurs after a user selects a set of signable data to sign. The following actions trigger the OnSign event:
When the default OnSign event handler runs, InfoPath captures a snapshot of the view (stored as a .png file) and additional data, and then creates a new signature template that contains this information. InfoPath adds this signature information to the form only when the form user clicks the Sign button in the last page of the Digital Signature Wizard. You can customize the OnSign event handler by pointing to Programming on the Tools menu and then clicking On Sign Event. The customized OnSign event handler runs only in a fully trusted form template. When you use any of the Sign methods in the InfoPath object model, form users cannot add a signature without clicking the Sign button in the Digital SignatureWizard to manually confirm that they agree to add the signature. However, you can write your own code for creating and adding signatures, and you can customize the OnSign event handler to invoke your code. For more information and a code sample, see Adding Digital Signatures to Form Data in InfoPath 2003 Using MSXML 5.0 or .NET Framework Managed Code. You can use this kind of customization when you predefine the certificate that form users can use to sign the form, and when you do not want users to use the wizard to select a certificate. |
SignEvent object |
The event object that InfoPath uses during the OnSign event. The SignEvent object provides the following properties:
|
For more information on using Microsoft JScript to work with these object model members, including JScript code examples, see the InfoPath Developers Reference that is part of the Help system installed with InfoPath 2003 SP 1. For more information on using Microsoft Visual C# or Microsoft Visual Basic .NET to work with these object model members, including C# code examples, see the Help system installed with the Microsoft Office InfoPath 2003 Toolkit for Visual Studio .NET.
Code Samples
This section provides code examples that show you how to work with the InfoPath object model to create the following usage scenarios:
Displaying the Digital Signature Wizard if a user does not sign a form before submitting it.
Limiting the number of signatures users can add to a set of signable data.
Adding custom data to the nonrepudiation data that InfoPath stores with the signature.
Displaying information about a digital signature.
Building a task pane that displays information about the digital signatures in a form.
Note
Form code that works with digital signatures uses object model members that require security level 3. These object model members execute only in a fully trusted form. For details about how to deploy a fully trusted form, see Making a Form Template Fully Trusted.
Requiring a User to Sign a Form Before Submission
The following example uses code in the OnSubmitRequest event handler to display the Digital Signature Wizard if a user tries to submit the form without signing it. InfoPath displays the Digital Signature Wizardbefore performing any other submit-related operations.
The following C# example assumes you are using the Microsoft Office InfoPath 2003 Toolkit for Visual Studio .NET.
[InfoPathEventHandler(EventType=InfoPathEventType.OnSubmitRequest)]
public void OnSubmitRequest(DocReturnEvent e)
{
if((!thisXDocument.IsSigned) &&
thisXDocument.SignedDataBlocks.Count>0)
thisXDocument.UI.ShowSignatureDialog();
if(thisXDocument.IsSigned)
{
// You can add additional submit code here.
// Set ReturnStatus to true to prevent the display
// of the Digital Signature Wizard.
e.ReturnStatus = true;
}
else
{
thisXDocument.UI.Alert(
"This form must be signed before submitting it.");
// Set ReturnStatus to false to display the
// Digital Signature Wizard.
e.ReturnStatus = false;
}
}
Limiting the Number of Signatures in a SignedDataBlock Object
The following example uses code in the OnSign event handler to limit to three the number of signatures users can add to the first set of signable data in the form. This C# example assumes that you are using the Microsoft Office InfoPath 2003 Toolkit for Visual Studio .NET. Additionally, the OnSign event handler runs only in a form you deploy as a fully trusted form.
[InfoPathEventHandler(EventType=InfoPathEventType.OnSign)]
public void OnSign(SignEvent e)
{
Signature thisSignature = e.SignedDataBlock.Signatures.Create();
// Check if the current signed data block is the
// first signed data block in list.
// If this is the first signed data block, then do special handling.
// Otherwise, use the default handler (triggered by
// e.ReturnStatus = false)
if (e.SignedDataBlock.Name ==
thisXDocument.SignedDataBlocks[0].Name)
{
// Check the number of signatures in the first signed data block.
// If there are 3 signatures, don't add the signature and set
// ReturnStatus to true.
// Otherwise, add the signature by using the Sign method to
// display the wizard, and set ReturnStatus to true.
if ( e.SignedDataBlock.Signatures.Count > 2 )
{
thisXDocument.UI.Alert(
"Only three signatures are allowed on this data: " +
e.SignedDataBlock.Name );
e.ReturnStatus = true;
}
else
{
thisSignature.Sign();
e.ReturnStatus = true;
}
}
else
{
e.ReturnStatus = false;
}
}
Adding Custom Data to the Nonrepudiation Data
You can customize the OnSign event handler so that InfoPath adds custom information to the default nonrepudiation data it stores with the signature. Because form users sign this information along with the data, no one can tamper with it without invalidating the signature, but InfoPath cannot display the information in the Verify Digital Signature dialog box. You deploy the additional information with a different namespace from the one InfoPath uses for the default nonrepudiation data.
The following code sample adds time stamp data from a certified time stamp server to the nonrepudiation data that InfoPath stores with the signature. This C# example assumes that you are using the Microsoft Office InfoPath 2003 Toolkit for Visual Studio .NET. Additionally, note that the OnSign event handler runs only in a fully trusted form.
[InfoPathEventHandler(EventType=InfoPathEventType.OnSign)]
public void OnSign(SignEvent e)
{
Signature signature = e.SignedDataBlock.Signatures.Create();
signature.Sign();
// Countersign the signature with a trusted time stamp.
// Get the signature node
IXMLDOMNode oNodeSig = signature.SignatureBlockXmlNode;
IXMLDOMNode oNodeSigValue =
oNodeSig.selectSingleNode(".//*[local-name(.)='SignatureValue']");
// Get the time stamp from time stamp web service (fictitious).
MyTrustedTimeStampingService s = new MyTrustedTimeStampingService();
string strVerifiedTimeStamp = s.AddTimeStamp(oNodeSigValue.text);
// Add the value returned from the time stamping service to the
// unsigned part of the signature block.
IXMLDOMNode oNodeObj =
oNodeSig.selectSingleNode(".//*[local-name(.)='Object']");
IXMLDOMNode oNode = oNodeObj.cloneNode(false);
oNode.text = strVerifiedTimeStamp;
oNodeObj.parentNode.appendChild(oNode);
e.ReturnStatus = true;
}
Displaying Information about a Digital Signature
The following code sample displays properties of the Certificate object in an alert dialog box. The dialog box shows the values of all properties of the certificate that was used to add the first signature (Signatures[0]) to the second set of signable data (SignedDataBlocks[1]) in a form. This C# example assumes that you are using the Microsoft Office InfoPath 2003 Toolkit for Visual Studio .NET.
public void CertificateProperties()
{
// Access the certificate for the first signature in the
// second set of signable data.
Certificate certificate = thisXDocument.SignedDataBlocks[1].Signatures[0].Certificate;
// Check value of Status property and set appropriate value
// of string variable.
string status = "Undefined";
switch(certificate.Status)
{
case XdCertificateStatus.xdCertificateStatusValid :
status = "Valid";
break;
case XdCertificateStatus.xdCertificateStatusError :
status = "Error";
break;
case XdCertificateStatus.xdCertificateStatusExpired :
status = "Expired";
break;
case XdCertificateStatus.xdCertificateStatusNotTrusted :
status = "Not Trusted";
break;
case XdCertificateStatus.xdCertificateStatusRevoked :
status = "Revoked";
break;
}
// Display certificate property values.
thisXDocument.UI.Alert("IssuedTo = " + certificate.IssuedTo +
"\n IssuedBy = " + certificate.IssuedBy + "\n ExpirationDate = " +
certificate.ExpirationDate + "\n Status = " + status);
}
Building a Task Pane for Displaying Information about Digital Signatures
This code sample demonstrates how you can use JScript with the InfoPath object model members for working with digital signatures. In this example, you create a custom task pane that displays information about all the signatures in an InfoPath 2003 form.
To create a custom task pane in your form template
Design a new blank form.
Display the Controls task pane, and then add two Section controls to the form.
In each Section control, add controls that are bound to nodes in the main data source. For example, you can drag Text Box controls from the Controls task pane into each section.
Right-click each section, and click Section Properties. On the Digital Signatures tab, select the Allow users to digitally sign this section check box, and then define a set of signable data. For more information, see Enabling Digital Signatures and Defining Signable Data in a Single Operation. For demonstration purposes, configure one section for co-signing and the other for counter-signing.
Save the form template to the following name and path:
C:\SignatureSamples\TaskPane.xsnIn the same folder that contains TaskPane.xsn, use a text editor to create an HTML file for the task pane. Add the following content, and then save the file as TaskPane.htm:
<html> <head><title>Digital Signatures</title></head> <body> <style type="text/css"> body { font-family:Verdana; font-size:10pt } </style> <script language="JScript"> if(window.external.XDocument.IsSigned == true) { // Start building table. document.write('<br><b>These people have signed the form: </b><br>'); document.write('<table align="left">'); document.write('<tr><th colspan="3"></th></tr>'); // Loop through all sets of signed data to // retrieve information about signatures. var oSDBs = window.external.XDocument.SignedDataBlocks; for(var i = 0; i<oSDBs.Count; i++) { var oSDB = oSDBs(i); for(var j = 0; j<oSDB.Signatures.Count; j++) { // Retrieve signature status. var oSignature = oSDB.Signatures(j); switch(oSignature.Status) { case(0): strStatus = "Error"; break; case(1): strStatus = "Valid"; break; case(2): strStatus = "Invalid"; break; case(3): strStatus = "Unsupported"; break; default: strStatus = "Unknown"; } // If signature is valid (1) but certificate is not trusted (3), // display "Not trusted". if((oSignature.Status == 1) && (oSignature.Certificate.Status == 3)) strStatus = "Not trusted"; // If signature is valid (1) but certificate is revoked (4), // display "Revoked". if((oSignature.Status == 1) && (oSignature.Certificate.Status == 4)) strStatus = "Revoked"; // Display appropriate icon. if(strStatus == "Valid") strIcon = "signaturevalid.gif"; else strIcon = "signatureerror.gif"; // Retrieve name of signer. strName = oSignature.Certificate.IssuedTo; // Write row of signature information. document.write('<tr><td><img src="' + strIcon + '"></td><td align="left">'); document.write(strName + '</td><td align="right"> ' + strStatus + "</td></tr>"); } } document.write('</table>'); } else document.write('<br><b>This form has not been signed.</b><br>'); </script> </body> </html>Create two GIF image files for icons to display in the task pane next to valid and invalid signatures, and save them as SignatureValid.gif and SignatureError.gif
On the Tools menu, click Resource Files, and then add the SignatureTaskPane.htm, SignatureError.gif, and SignatureValid.gif files as resource files.
On the Tools menu, click Form Options.
On the Advanced tab, select Enable custom task pane, and then in the Task pane location drop-down list, select SignatureTaskPane.htm.
In the Task pane name box, set the name of the custom task pane to Digital Signatures, and then click OK.
Display the Data Source task pane, and then open the Properties dialog box for the signatures1 group.
On the Validation and Event Handlers tab, from the Events drop-down list, select the OnAfterChange event, and then click Edit. At the end of the OnAfterChange event handler, add the following line of code:
XDocument.View.Window.TaskPanes(0).Navigate("TaskPane.htm");This code reloads the digital signatures task pane every time a value in the signatures1 group changes.
Save the Script.js file.
In InfoPath design mode, on the Tools menu. point to Programming, and then click On Sign Event.
In the OnSign event handler, before the line of code
var Signature=eventObj.SignedDataBlock.Signatures.Create();add the following lines:var nSig1 = 0, nSig2 = 0; for(var i=0; i<XDocument.SignedDataBlocks.Count; i++) nSig1 = nSig1 + XDocument.SignedDataBlocks(i).Signatures.Count;After the line of code
eventObj.ReturnStatus=true, add the following lines.for(var i = 0; i<XDocument.SignedDataBlocks.Count; i++) nSig2 = nSig2 + XDocument.SignedDataBlocks(i).Signatures.Count; if(nSig1<nSig2) { XDocument.UI.Alert("The signature was added."); } else { XDocument.UI.Alert("The signature was not added."); }Save the form template and install it as a fully trusted form. For more information, see Making a Form Template Fully Trusted.
Open the form for editing, and then fill out and sign each section. Before you sign any data in the form, a message appears in the task pane, as follows: "This form has not been signed." As you sign data in the form, InfoPath updates the task pane with information about the signature and its status.
Making a Form Template Fully Trusted
Before InfoPath can run your form code, you must install, as a fully trusted form, any form template to which you add either of the following:
Custom code to the OnSign event handler.
Calls to any InfoPath object model members that require security level 3, such as the Sign method of the Signature object.
To test and run the code samples in this article, you can perform one of the following procedures to make your sample form template fully trusted.
Note
If your form template contains JScript or Microsoft Visual Basic Scripting Edition (VBScript), you can make the form fully trusted by code-signing the form template or by creating an installation program or script that registers the form template. If your form template contains managed code that you create with the Microsoft Office InfoPath 2003 Toolkit for Visual Studio .NET, you cannot make the form template fully trusted by code–signing it. Instead, you can create an installation program or script that registers the form template, or you can run the IPFullTrust macro to set your template file to full trust and register it.
Digitally Code-Signing a Form Template
You can digitally code-sign a form template to make it fully trusted.
To digitally code-sign a form template
Open the form template in design mode.
On the Tools menu, click Form Options, and then click the Security tab.
Clear the Automatically determine security level based on form's design check box.
Click the Full Trust option.
Select the Sign this form check box. To sign the form, you must have a code-signing digital certificate.
To use or create a code-signing digital certificate:
If you have a code-signing digital certificate installed on your computer, click Select Certificate, and then select the correct certificate.
If you do not have a code-signing digital certificate installed, you can create a self-signed certificate by clicking Create Certificate.
Note
A self-signed digital certificate allows forms signed with the certificate to be trusted only on the computer where the certificate was created and only by the user account that created it. This is because other users do not have access to the certificate authority store on the computer where the self-signed certificate was created (issued). To fill out a form that uses a digitally signed template, users must be able to trust the issuing certification authority, before they can trust the publisher who signed the form template.
Click OK, and then save or publish the form template to a location where you can test it.
The first time a user opens a digitally signed form template, InfoPath displays the Security Warning dialog box, prompting the user to choose whether to trust the publisher identified by the certificate used to sign the template. To trust the publisher, the user selects the Always trust files from this publisher and open them automatically check box, and then clicks Open. Once the user chooses to trust a certificate, the user can open any form template that asks for full trust and that is signed with the same certificate. You can click Options on the Tools menu, and then click the Trusted Publishers button, to view and manage the list of trusted publishers in InfoPath.
Making a Form Template That Contains Managed Code Fully Trusted
For form templates that contain managed code, there are two options for making the form template fully trusted. You can use the Form Registration tool (RegForm.exe) to create an installation script or Microsoft Windows Installer (.msi) file, or you can run the IPFullTrust macro to make the form template fully trusted and to register it.
To create a script or installation program with the Form Registration tool
Download and install the Microsoft Office InfoPath 2003 Software Development Kit (SDK).
Open a Command Prompt window, and type the following:
cd \Program Files\Microsoft Office 2003 Developer Resources\Microsoft Office InfoPath 2003 SDK\ToolsType a command in the following format to create a registration script:
RegForm /U urn:MyForm:MyCompany /T Yes C:\MyForms\MyTrustedForm.xsnReplace the values for the /U option and the name of the form template with your own requirements and the location of your form template. The tool creates a JScript (.js) file that has the same name as your form template, in the directory where your form template is located. Run the JScript file to install and register your form as fully trusted. To uninstall a form template, run the JScript file followed by the /uninstall switch from the command prompt.
For more details about the Form Registration tool and additional information about deploying a fully trusted form, see Understanding Fully Trusted Forms.
The other option for making a form template that contains managed code fully trusted is to use the IPFullTrust macro. You use the IPFullTrust macro with the Microsoft Office InfoPath 2003 Toolkit for Visual Studio .NET and run it from within the Visual Studio .NET environment. The IPFullTrust macro automates the process of modifying the manifest file (.xsf) and the form template file in your InfoPath project so that it is set for full trust, and then the macro automatically registers the form template.
To create and register a fully trusted form template with the IPFullTrust macro
Download and install the Microsoft Office InfoPath 2003 Software Development Kit.
Perform the steps for installing the IPFullTrust macro that are described in the "Installing and Using the Macros" topic of the SDK documentation.
Close the design mode instance of InfoPath associated with the project. When InfoPath is in design mode, it locks the Manifest.xsf file and prevents the macro from making changes.
In Visual Studio .NET, on the Tools menu, point to Macros, and then click Macro Explorer.
In the Macro Explorer window, expand the InfoPathSDK node, and then expand the IPFullTrust node. The IPFullTrust macro is denoted with a cassette icon and the name "IPFullTrust".
Right-click the IPFullTrust macro and then click Run.
Once the IPFullTrust macro runs successfully on the project, the form template is registered on the development computer. You can continue to make code changes without re-running the macro, and the full-trust level is maintained.
Conclusion
Microsoft Office InfoPath 2003 Service Pack 1 provides a rich set of features you can use or customize in your form templates so form users can digitally sign data in your InfoPath forms. InfoPath provides object model members with which you can customize and extend digital signature features from form code. You can also use or create custom user interface features with which you or others can create form templates that support digital signing of data. Finally, you can create custom user interface features that form users can employ when filling out and signing data in forms at run time.
Additional Resources
For more information, see the following: