Signing attachments using digital signatures

Applies to version: 2020.1.x and above; author: Marcin Pisarek

 

Introduction

Workflow configuration

Configuration of the “Sign an attachment” action

Verification of the “Sign an attachment” action

Configuration of the “Verify attachment’s signature” action

Verification of the “Verify attachment’s signature” action on the MODERN form


Introduction

Starting with WEBCON BPS 2020, the MODERN form supports signing PDF and/or DOCX attachments with digital signatures (X.509 certificates).

This article describes two actions:

  • Sign an attachment – the action that signs an attachment
  • Verify attachment’s signature – the action that checks whether the attachment was correctly signed

Detailed information about signing attachments and digital signatures can be found in Applying digital signatures to attachments.

Workflow configuration

A simple workflow was configured:

Fig. 1. Workflow configuration – schema

 

The workflow consists of the following steps:

  1. Registration – the step in which the contract details are filled in
  2. Preparation – the step in which the contract is prepared
  3. Verification – the step in which the attachment with the contract is signed and verified
  4. Archive – the step in which all prepared and verified contracts are located

The “Sign an attachment” and “Verify attachment’s signature” actions will be configured in the “Verification” step.

Configuration of the “Sign an attachment” action

A user can sign an attachment only from the context menu of that individual attachment. The signature is applied to individual attachments.

The “Sign an attachment” action is configured in the “Attachments menu”. Note that the action name will be displayed in the attachment context menu on the form. After adding the “Sign an attachment” action, open its configuration by using the “Configure” button.

Fig. 2. Configuration of the “Sign an attachment” action

 

In the configuration of the action, select the “Signature performed by the user” option. By default, the signed file will have the same name, category and description as the source file; in this case a new version of the attachment will be created. The system allows you to change the method of converting the file in the “Configuration of signed attachments” section.

Verification of the “Sign an attachment” action

To use this action, you need to open the form in Internet Explorer (the action requires the ActiveX component).

To sign the attachment, the user must expand the context menu and select the signature action. For the above configuration this action is available in the “Verification” step.

Fig. 3. The form – selecting the “Sign an attachment” action from the context menu

 

A window will then appear in which you select the digital signature (X.509 certificate) with which the attachment should be signed.

Fig. 4. The form – selecting the digital signature

 

After the certificate is selected, the attachment will be electronically signed, provided the certificate is compatible with the configured publisher filter.

Fig. 5. The form – a message about completing the “Sign an attachment” action

 

The signed file can also be verified in the PDF document viewer. For signed attachments the “Signatures” section will be displayed.

Fig. 6. The attachment – signature verification in the PDF viewer

 

Configuration of the “Verify attachment’s signature” action

The verification process allows you to check the certificate publisher and the digital signature parameters (the validation date, publisher trust, etc.).

This action can be configured for the context menu of the individual attachment in the “Attachments menu” option, or on the transition/final path. After adding this action on the “Verified” path, open its configuration by using the “Configure” button.

Fig. 7. Configuration of the “Verify attachment’s signature” action

 

The configuration of the action was divided into three sections:

Attachments to be processed

The method of selecting the attachments for which the verification will be performed. Attachments can be selected by category, by regular expression or by SQL query.

Verification parameters

This section defines the following parameters: validation level, certificate publisher filter.

There are two validation levels:

  • Valid signature – the correctness of the signature is verified, but the certificate publisher trust is not checked
  • Valid signature and trusted certificate – verifies both the correctness of the signature and the certificate publisher trust

In the “Certificate issuer filter” field the certificate publisher is defined. This option allows you to select only the trusted publisher – in our case it is the digital certificate.

In the “Behavior” field there are two options:

  • Information – the system allows you to go through the path regardless of the verification result, and the verification status will be logged in the system.
  • Block transition – if the signature verification fails, the system will not allow you to go through the path, and the verification status will be logged in the system.

Verification results

In this section you select the form fields in which the verification result will be saved. These form fields can be used in the next steps.
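The two validation levels, the issuer filter and the “Behavior” setting described above can be reproduced outside the product with OpenSSL. The following is an added example, not WEBCON BPS code: it uses a detached CMS signature over a constructed text file instead of a signed PDF/DOCX, and the helper names, the certificates and the substring-style issuer match are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration using OpenSSL; not WEBCON BPS code. All names and data are constructed.
WORK=$(mktemp -d)

make_cert() {  # $1 = file prefix, $2 = subject of a self-signed certificate
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

setup_demo() {
  make_cert signer "/O=Example Org/CN=Demo Signer"
  make_cert other "/O=Unrelated Org/CN=Other CA"
  printf 'constructed contract text\n' > "$WORK/contract.txt"
  # Detached CMS signature over the file, DER-encoded, signer certificate embedded.
  openssl cms -sign -binary -in "$WORK/contract.txt" -outform DER \
    -out "$WORK/contract.p7s" -signer "$WORK/signer.crt" -inkey "$WORK/signer.key"
}

# verify LEVEL TRUST_FILE ISSUER_FILTER -> prints "valid" or "invalid"
#   LEVEL "signature": signature correctness only; "trusted": also chain to TRUST_FILE.
#   ISSUER_FILTER: assumed here to be a substring match on the issuer name.
verify() {
  sig="$WORK/contract.p7s"; doc="$WORK/contract.txt"; got="$WORK/got.crt"
  if [ "$1" = signature ]; then
    openssl cms -verify -binary -noverify -inform DER -in "$sig" -content "$doc" \
      -signer "$got" -out /dev/null 2>/dev/null || { echo invalid; return; }
  else
    openssl cms -verify -binary -CAfile "$2" -inform DER -in "$sig" -content "$doc" \
      -signer "$got" -out /dev/null 2>/dev/null || { echo invalid; return; }
  fi
  issuer=$(openssl x509 -noout -issuer -nameopt RFC2253 -in "$got")
  case "$issuer" in *"$3"*) echo valid ;; *) echo invalid ;; esac
}

# path_outcome BEHAVIOR RESULT -> "moved" or "blocked"
path_outcome() {
  if [ "$1" = block ] && [ "$2" != valid ]; then echo blocked; else echo moved; fi
}

setup_demo
echo "signature only:            $(verify signature '' 'Example Org')"
echo "trusted, signer unknown:   $(verify trusted "$WORK/other.crt" 'Example Org')"
echo "trusted, signer anchored:  $(verify trusted "$WORK/signer.crt" 'Example Org')"
echo "block transition on fail:  $(path_outcome block invalid)"
```

A self-signed signer passes the signature-only level but fails the trusted level until its certificate is added as a trust anchor, so only the stricter level says anything about who signed the file.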

Verification of the “Verify attachment’s signature” action on the MODERN form

To verify the digital signatures, go through the path on which the “Verify attachment’s signature” action is defined, or use the context menu of the individual attachment.

For the above configuration the action is available on the “Verified” path in the “Verification” step. When you go through the path, the verification action will be performed and the instance will move to the “Archive” step. The verification result will be saved in the form fields indicated in the configuration of the action.

Fig. 8. The form – result of the configuration
