Solved

Digital Signature in Docman

  • 17 December 2019
  • 15 replies
  • 1873 views

Userlevel 2
Badge +3

Is it possible to make Digital Signature integrate to attached documents through third party application?

 

 


Best answer by Kasun Balasooriya 20 December 2019, 00:36


15 replies

Userlevel 7
Badge +20

Hi @AIDA LOTFI ,

This is already available as a core functionality (newly introduced in APPS10).

However, the functionality is limited to PDF files at the moment. 

You could read more about this functionality from the attached documents below. 

 

 

 

Userlevel 2
Badge +3

Hi Kasun,

Thank you so much for your prompt answer.

Userlevel 7
Badge +30

Is it possible to make Digital Signature integrate to attached documents through third party application?

The question is a bit vague. “Integration” can mean many different things, and so can “digital signatures”. Can you elaborate? What is the exact requirement?

 

Userlevel 2
Badge +3

Is it possible to make Digital Signature integrate to attached documents through third party application?

The question is a bit vague. “Integration” can mean many different things, and so can “digital signatures”. Can you elaborate? What is the exact requirement?

 

Hi Mathias,

The idea is to print a digital signature on documents at approval steps in IFS, or just when the document is approved.

As per Kasun's answer, this is part of standard functionality in App 10 but only for PDF files.

Does that make it more clear?

 

Thanks,

Aida.

Userlevel 7
Badge +30

Is it possible to make Digital Signature integrate to attached documents through third party application?

The question is a bit vague. “Integration” can mean many different things, and so can “digital signatures”. Can you elaborate? What is the exact requirement?

 

Hi Mathias,

The idea is to print a digital signature on documents at approval steps in IFS, or just when the document is approved.

As per Kasun's answer, this is part of standard functionality in App 10 but only for PDF files.

Does that make it more clear?

It’s clear, and it sounds exactly like what we have support for, for PDF files. And, actually, the question is if digital signatures are feasible for many other file formats than PDF. PDF has good support for it, with a lot of features. Perhaps the customer can generate PDF files from their original file formats, and sign the PDFs?

 

Badge +3

Hi

I have a few questions regarding this solution that I hope can be answered in this thread.

  1. DocMan-event action versus Report Rule Engine.

Are the two to be considered as two different ways of triggering the digital sign. functionality? Where the DocMan-event action is done if using Document Approval and report rule engine for any report that we want to be signed?

  2. Certifications

When testing this functionality (both running the code ‘ifsapp.Edm_File_Sign_Util_API.Certify_Pdf_File’ as well as setting up Report Rule Engine) the result is that the message:
“Dokumentcertifieringens giltighet är OKÄND. Författaren gick inte att verifiera” shows.

Q1: Does this mean that the end-customer has to purchase certificates from a source that Adobe has listed as ‘Trusted’? If so, then the ‘Generate Self-signed Certificate’ in KeyStore will not come into play?

Q2: Are there any guidelines or recommendations on this from IFS-side? How has this been handled at other customers using this functionality?

 

Q3: Is it possible to list all ‘external’ activities that the customer has to take to ensure that this functionality works?

 

Regards

Gustaf

Userlevel 7
Badge +30

Hi Gustaf,

I have tried to answer your questions below.

DocMan-event action versus Report Rule Engine.

Are the two to be considered as two different ways of triggering the
digital sign. functionality. Where the DocMan-event actions is done
if using Document Approval and report rule engine for any report
that we want to be signed?

 

Yes.

 

Certifications

When testing this functionality (both running the code
‘ifsapp.Edm_File_Sign_Util_API.Certify_Pdf_File’ as well as setting
up Report Rule Engine) the result is that the message:
“Dokumentcertifieringens giltighet är OKÄND. Författaren gick inte
att verifiera” shows.

 

Q1: Does this mean that the end-customer has to purchase
certificates from a source that Adobe has listed as ‘Trusted’? If
so, then the ’Generate Self-signed Certificate’ in KeyStore will not
come into play?

 

We have not seen this error in our testing. We have tested with
self-signed certificates. You can create ones from inside IFS
(Keystores / RMB / Import Certificate / Generate Self-signed
Certificate), and those work when we test. Did you also test with
those?

For internal needs, self-signed certificates might be enough (the
company and/or their users need to trust these certificates for this
to be meaningful though). However, if the signatures should have any
meaning outside the company I assume customers need to buy
certificates from a trusted authority.

 

Q2: Are there any guidelines or recommendations on this from
IFS-side? How has this been handled at other customers using this
functionality?

 

Sorry, no recommendations from our side. Not sure if there would be a
point in that. I would guess this work is similar to what is needed
when a customer buys a certificate for HTTPS. 

 

Q3: Is it possible to list all ‘external’ activities that the
customer has to take to ensure that this functionality works?

 

Not sure what you view as "external", in this context. Can you
elaborate?

Also, did you read the documentation we have on this subject? Was anything lacking?

/Mathias
 

CC @Daniel Svantesson 

 

Badge +3

Great! Thanks for the response.

Q3: Is it possible to list all ‘external’ activities that the
customer has to take to ensure that this functionality works?

Poorly formulated by me. This was in relation to the external certificates that I presumed were mandatory. I wanted to hedge if there are several actions that the customer needs to take outside of IFS. Like

1. Ensure external certificates for each person that will sign documents
2. Validate against Adobe to be ‘trusted’
3. etc
---Based on your answer on Q1 this question is only relevant if the digital signature shall have bearing outside of their own company---

 

Q2: Providing some screenshots of the issue.

 

 

 

 

This test was done against a standard report using report rule Engine.

 

 

The signature itself is displayed but with the “error-message” in Adobe.

And with this scenario I guess the document is not Digitally Signed even though the ‘stamp’ is there?

 

Also, did you read the documentation we have on this subject? Was anything lacking?

Yes. So far the issue above on ‘Trusted certificates’ is what I have not found in the documentation. But it might be in there.

 

Regards

Gustaf

Userlevel 7
Badge +30

Hi again,

The signature itself is displayed but with the “error-message” in Adobe.

Did you try to make Adobe trust the certificate?

And with this scenario I guess the document is not Digitally Signed even though the ‘stamp’ is there?

As I understand it, the PDF IS properly digitally signed, according to all the rules. There is just the “little” issue with Adobe complaining about the validity of the certificate. But I could be wrong. Regardless, perhaps the best thing is to use proper certificates even for internal-only use.

@Daniel Svantesson, do you have any insights to share here? 

/Mathias

 

Userlevel 4
Badge +4

Yes, a self-signed certificate will never be trusted by Adobe Reader until it has been manually added to the local trust store.

Self-signed certificates are only recommended for testing/demo/internal use.

Once you go live and start sending these documents to the “outside world” you should replace the certificate in the keystore with one that is issued by a trusted CA and has a chain to a Root CA. Then it will by default be trusted.

This is something you will have to pay for.

 

I found a link that explains the trust chain of certificates.

https://knowledge.digicert.com/solution/SO16297.html

 

Badge +3

Thanks for your answers, highly appreciated. :thumbsup:

I will try to make the certificate trusted by Adobe and re-test.

And this also answered my Q3. Customer will have some “external” actions like purchasing certificates and also to gain knowledge of how certificates in general work (if the signed documents are to be distributed externally).

Best regards

Gustaf


 

Userlevel 7
Badge +30

Great!

Don’t hesitate to report back here about any findings. Even though we released this some time back, this functionality is still very “new” and we have got more or less no reports about how it works for customers yet.

Good luck!

/Mathias

 

Badge +3

Hi again

In order to make the Self-generated certificate Trusted in Adobe I will need the actual pfx-file and import that as a trusted certificate. Correct?

 

But if this was the case I'm caught in a moment 22 since I need to export the file from the db in order to import it. And export is not allowed.

I obviously have misunderstood something here and if you can guide me a bit how I make the Self-Generated certificate Trusted in Adobe I would be grateful.

Regards

Gustaf

Userlevel 7
Badge +30

You can trust the certificate in Adobe Reader itself. Here is how you do it:

https://ifs-my.sharepoint.com/:v:/g/personal/mathias_dahl_ifsworld_com/ESyY0jCygw9JlsvGHgxZ3usByUHb_tMyCGrBxNA-n5b8gg?e=ff0vBi

(let me know if the video does not work)

The last step was to validate the signature:

 

After doing this, things look good I think.

Again, probably proper certificates published by some trusted authority are the way to go, but the above is an option, for sure. Technically, a certificate is a certificate and as long as you know what you trust, even self-signed ones should be an option. But, I am not primarily a digital signature nerd, so what do I know :)

 

/Mathias
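
The behaviour discussed in the answers above (a signature made with a self-signed certificate is cryptographically sound but shows as unverified until the reader trusts the signer's certificate), as an added example that is not part of the thread and is not IFS code. It assumes the OpenSSL command line is installed and uses a detached CMS signature as a stand-in for a PDF signature; every name, subject and file in it is constructed.

```shell
#!/bin/sh
# Added example; all names, subjects and files are constructed.
# A detached CMS signature stands in for the PDF signature.

verify() {  # verify <dir> [extra openssl args]; prints accepted/rejected
    dir=$1; shift
    if openssl cms -verify -binary -inform PEM -in "$dir/doc.p7s" \
        -content "$dir/doc.txt" -out /dev/null "$@" 2>/dev/null
    then echo accepted; else echo rejected; fi
}

demo_self_signed_trust() {
    d=$(mktemp -d) || return 1

    # 1. Self-signed signing certificate, like one generated in a keystore.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Constructed Document Signer" \
        -keyout "$d/signer.key" -out "$d/signer.crt" 2>/dev/null || return 1

    # 2. Sign a sample document with the private key.
    printf 'Approved: drawing 1001 rev A\n' > "$d/doc.txt"
    openssl cms -sign -binary -in "$d/doc.txt" -signer "$d/signer.crt" \
        -inkey "$d/signer.key" -outform PEM -out "$d/doc.p7s" \
        2>/dev/null || return 1

    # 3. Verifier with no trust anchor for this signer: not accepted.
    no_anchor=$(verify "$d")

    # 4. Verifier that trusts the PUBLIC certificate only (no key, no .pfx).
    anchored=$(verify "$d" -CAfile "$d/signer.crt")

    # 5. Trust does not excuse tampering: altered content still fails.
    printf 'Approved: drawing 1001 rev B\n' > "$d/doc.txt"
    tampered=$(verify "$d" -CAfile "$d/signer.crt")

    rm -rf "$d"
    echo "$no_anchor $anchored $tampered"
}

demo_self_signed_trust
```

Step 4 passes with only `signer.crt` on the verifying side: the private key never leaves the signer, so in this OpenSSL setup establishing trust does not require exporting a key file.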

Badge +3

Ah, I was overthinking it a bit. :thinking:

Thanks again for all the help. Now I get the same result as you have in your screenshot. :thumbsup:


Best regards

Gustaf

 
