/Contents entry in digital signatures

Similar Messages

• Possible to validate data entries during Digital Signature?

  I have a form that was built from scratch using Adobe LiveCycle  Designer ES 8.2. I also have Adobe Acrobat Pro 9.3.2. (WinXP)
  I  see numerous articles online related to validating user input prior to  data submission for an online form via a Submit button, however, I  am trying to figure out how to implement the same sort of data  validation during the signing of a particular digital signature field in an offline pdf form. Simply, I want to perform data validation during a digital  signature instead of when user presses Submit button.
  Here's my  use-case:
  1. Form Originator fills out a large number of data fields  and signs form via a CAC cert.
  2. Another person will review,  possibly edit/add data, and sign another signature block with CAC.
  3.  Then there is one more final CAC signature on the form before it is  completed and then emailed to the right folks for processing.
  4. I  would like to be able to enforce the population of several Mandatory  data fields (at least one Radio button and one text input, possibly  others) before the 3rd signature can be applied to the document.
  Again, I  need to emphasize this is all happening in an offline form, no data  submission or database back-end. Also, everything with the digital  signatures (and locking up fields afterword) works totally fine, just interested  in adding Data Validation capability during Digital Signature.
  I am in no way a javascript expert, but I can  probably learn from a good example. Any help or guidance is very much appreciated. Thanks...

  If you are using SignatureField in the form then you will get two events preSign and postSign which you can use to validate the field input just like you do with a Submit button.
  Thanks
  Srini

• Verifying digital signatures in PDF documents

  I'm working on verifying PDFs digital signatures.
  I know that when a PDF is signed, a byterange is defined, the certificates get embedded, and from what i've read, the signed message digest and the timestamp are also stored in the PDF.
  I already can extract the certificates and validate them. Now I'm trying to validate the pdf's integrity and my problem is I don't know where the signed message digest is located.
  In this sample signed pdf (http://blogs.adobe.com/security/SampleSignedPDFDocument.pdf), I can clearly identify the digest since it is down below the embedded certificates: /DigestMethod/MD5/DigestValue/ (line 1520).
  But that PDF sample seems to be from 2009, and I suspect the message digest is stored in a different way now, because I signed a PDF with Adobe Reader and I can't find any message digest field like the previous one. Can someone tell if the digests are now stored in a different way? Where are they located?
  Anyway, for now I'm using that sample document, and trying to verify its integrity. I'm getting the document's bytes to be signed acording to the specified byterange, and digesting them with MD5 algorithm, but the digest value I get doesn't match with the one from the message digest field... Am I doing something wrong? Is the digest also signed with the signer's private key?
  I appreciate any help.

  You cannot rely on the digest to be in a certain place in PDF. If you want to manually verify the digest in a PDF signature here's what you need to do.
  1. Open PDF in a Text Editor.
  2. Find Signature Dictionary for your signature.
  3. Get the Hex String which is the value of the /Contents entry in the Signature Dictionary.
  4. Convert Hex String to binary string and discard trailing zeros. Remember that in a Hex string each byte is represented with two characters and the last one might be a zero. So, when you discard zeros make sure that what you get left has even number of bytes.
  5. Use one of the commercially available BER Viewers (you can find free BER Viewers on the Web) to convert the binary string to ANSI.1 representation.
  6. Analyze the BER-decoded PKCS#7 signature object (RFC 2315 describes it) and find the digest that you are looking for in it. It is an OCTET STRING.
  If you want to programmatically validate a signature, you need to write code that does all that. Signature validation includes much more than checking the digest. You need to build chain, validate each certificate in the chain, check revocation for each certificate in the chain, etc. RFC 5280 is the guide what to do.
  Good luck!

• Digital Signature :- Changing contents in Original and revoking Diital Sign

  Hi
  We have a requirement as follows
  1) There are 4 approval levels for a status A2 (Approval 2)
  2) Levels are S1, S2, S3, S4 where S4 is the Program Director who finally releases the status
  3) Initially S1 wud approve, then S2, then S3 and so on. Finally S4 would sign digitally ( after signatures from S1, S2 and S3 ) to complete the Digital Signature process.
  4) I have created release strategies and everything is working fine.
  5) Now consider this
  a) Approver S3 found that the Document needs to be changed, he want to edit the document and sign it.
  But since we are using Digital Signature , the status is locked and orginal cannot be edited. How can we do this then..
  b) Approver S3 want to cancel the Digital Signature process and return to old status A1.
  Here I tried to cancel the "Signature process" but old signatures of S1 , S2 was not canceled and the Document status was not reverted to A1 (old Status). Only thing happened was that the process was terminated and again when I open the DIR its asking signature from S3 only ( it should ask from S1 and S2 ideally, I believe)
  Please guide.
  Regards
  Aby
  Edited by: Aby Thomas on Nov 30, 2008 8:29 AM

  Aby,
          You are actually trying to find a technical solution for a business process issue. I suggest that you first set the business processes right, before trying to resolve it technically.
  Once you have decided that S4 will finally sign off using a digital signature, if somebody further down in the loop wants to change the document, definitely it should lead to the creation of a new version of the same document and it should follow the same S1,S2,S3,S4 route.
  Hope this clarifies,
  Sojan

• Acrobat is not validating digital signature

  Hi Everybody...
  I have generated a pdf file which includes digital signatures.
  But the acrobat is not validating the digital signature. But if
  we open this file in PDF-xchange viewer, it shows that the
  signatures are valid. Acrobat generates the following error...
  Error during signature verification.
  Signature contains incorrect, unrecognized, corrupted or
  suspicious data.
  Support Information: SigDict /Contents illegal data
  What may be the problem?

  Thank you Bernd for your kind and simple reply  
  I am uploading my file with my certificate which i am using for my digital
  signatures. Please have a deep look at contents entry. Use ASNVIEWER or
  decoder etc......
  Thanks again and Best Regards

• Variable number of required digital signatures

  Hi,
  I have following problem: I have a document type wich requires a variable type of digital signatures bevore it is released. Who has to check the document depends on its content.
  1st Question: Is there a way to define wich user has to sign the document (at moment we just define that one user with the right authorization has to sign, but not exactly who).
  2nd Question: Is there a way to define a status wich requires defined signatures (more than one) before it switches to the next status?
  The signature process should look like this: After the document is created the creator defines who has tho check it. Then he sets it to status "to be checked". As long as not all of the required users has signed it stays in this status. When all rewuired users have signed status changes to "released".
  Every answer is helpfull.

  For question 1, we normally have a classification field with the approver listed in it (used for workflow as well). When the user attempts to execute a digital signature we normally add an enhancement to check that its the same user listed in the approver field.
  For question 2, there are a couple of alternatives, but we normally handle this with workflow or abap for multiple approvers. We make the approver field in classification a multiple entry field and then use either workflow or abap to kick the document back to the previous status so that if there is more than one approver, each approver has the ability to set the same status. The enhancement also keeps tabs on who has signed the document and once all the approvers have signed we kick it over to the final status.
  This same process can be used for multiple entries on both a reviewer and approver field (if you require review and approver otherwise you can just use approval) and allows you to use this process for both review and approval. For example, you could use a status network that goes:
  In Work - For Review - Reviewed - For Approval - Approved - Released.
  In the process of approval, the approver would set the "approved" status whilst the system would reset it back to "for approval" and only once the last person had approved it would automatically set the released status. The trick using this method is to ensure that the work items are not regenerated every time it sets it back to "for approval" so there is some logic required for your workflow consultant.
  The review process would be exactly the same with the exception that the system would automatically kick it over from "reviewed" to "for approval" or whatever you next status might be.
  Message was edited by:
          Athol Hill

• Print Digital Signature

  Hi Experts,
  I've setup the digital signature for certain document types. Now when I print those signed document, am not able to get the approver's signature on print out.
  From the SAP Help I found below link and it says that I've setup ' allowed' or 'possible' option for Document Display in Digital Signature Strategy.
  http://help.sap.com/saphelp_sm71_sp01/helpdata/en/45/f0f4a900b404abe10000000a114a6b/content.htm
  I tried both the options and still not able to see digital signature during the print out or document display.
  In the Help (above link) it also says that
  "The document display and print option are not available to the signee if the forbidden option is set in the system table for the entire application."
  Where can I find the System Table to remove the forbidden entry for the application?
  Do I need to setup anything else to enable the digital signature print option?
  Thanks,
  Shaun

  Hi Amit,
  I am not sure on how to get the the signature of the person who released the PO, because as per my understanding the Relase Strategy i.e the Relase code is attached to a Basis profile.
  What I would suggest is if you can get all the guys who can release a PO and define him as a Purchaser ie. a Purchasing group then it would be easier to print his signature in the PO.
  Here are the Highlevel steps
  1. Just have the Signature you want to print in a Tiff format.
  2. You can upload the signature as a standard Text using program RSTXLDMC to upload and give a text name.
  3. call the text name in your sap scripts.
  reward if useful.
  Thx,
  MJ

• How to Print Digital Signature in Smart forms.

  Hi Experts,
  Any one please help me how to use digital signatures in SMARTFORMS.?
  Which are the tables used to store digital signatures and please any one have any demo program which prints the the digital signature using smartforms kindly let me know.
  Thanks,
  Sunil kairam.

  Hi Sunil,
  After doing some research in sdn and other sources i found the following result...
  Digital Signatures are nothing but graphics that we can store in SAP and use in our Smart Forms.
  For Example you can create a .bmp file of your signatures, upload it via SE78, and then use it in your Smart Forms in your Footer Area as "Authorized Signatory".
  The Logic in the Print Program can be something as follows -
  1. Maintain a Z Table having fields like PLANT, FORMID (Name of the SmartForm), USERID.
  2. Before calling the Form, the validation is made for the Logged in User with the Z Table created.
  3. If the User Entry exists in the Z-Table, the Form is called and the Signature Image is displayed in the Footer Block i.e. the Authorized Signature.
  4. If user entry does not exist in the Z-Table then the message is displayed "You are not the Authorized for Printing the Form" and exits the Transaction.
  refer to these links:
  [http://help.sap.com/saphelp_nw04s/helpdata/en/23/c8b4cb4b3847a9bc32fe100f368411/frameset.htm]
  [http://help.sap.com/saphelp_nw04/helpdata/en/21/530b37cb3ed605e10000009b38f936/frameset.htm]
  if u find some info on the topic pls let me know..
  best of luck!!!
  thanks
  ravi

• Need a Suggestion For implementing the Digital Signature For the Documents

  Hi,
  Currently I am working in a Document Management System. I need a Good Suggestion for how to implement a Digital Signature For the Documents.
  Thanks in Advance
  Sabarish V

  Hmm, if you are not using Oracle Payroll, what are you using for payroll? I am wondering why you could not use your payroll system, whatever it is, to handle this reimbursement program.
  Well, you may want to talk to Oracle support about how to handle this in Oracle iExpense. You can certainly handle advances for Expense Reports. You would then apply the advance to the expense report items. The catch is I don't think you can stop expense item entry after the adavance is satisfied. You would have to set up a work flow process of some kind to have the expense reports reviewed and only approve expenses that are applied to the advance, is what I am thinking. Not your ideal solution, but something to think about. It could be the Oracle folks might know of a sneaky way to handle this. What you are trying to do is unusual. Employee advances are common, but the idea of not being able to exceed the advance amount is what unusual about this. Normally you will accept any expenses over the advance amount and reimburse the employee for those extra amounts not advanced.
  Good luck.
  John Dickey

• Digital signatures for customer facing documents

  Hello,
  I am a pretty experienced user of Adobe TechComm Suite (FrameMaker, RoboHelp), but I've never needed to dig too deep into Acrobat, so I am a newbie when it comes to setting up digital signatures.
  I am using Acrobat Pro XI on Windows 7 professional, and the people who need to approve documents only have the free Adobe Reader. I don't have access to any sort of workflow system at the moment, and we aren't using a content management system. Adobe EchoSign is not suitable for our documents because of size restrictions and because 3rd-party cloud storage violates corporate policy.
  What I'd like to be able to do is this:
  Include a signatures page when I create a PDF of a document. Place the document at a shared network location (Windows network).
  Notify approvers (Outllok email) that they need to digitally sign a PDF at a shared network location.
  See the digital signatures and see that they all are valid.
  Send out the signed PDF to external customers, in a way that it doesn't show customers that the document includes a form, and doesn't ask for more signatures, but does confirm that the PDF has not been changed since it was signed. Customers must be able to print all or part of the PDF if they want to.
  I have a feeling that I may be missing some steps or some external components. Any advice on how to set this up would be welcome.
  Thanks very much,
  David

  What you want to do can be done with Acrobat, but it depends a bit on how many internal users will be needing to sign the documents. For Reader users (desktop versions on Windows and Mac) to digitally sign a document, it needs to be Reader-enabled with either Acrobat Pro (not Standard) or LiveCycle Reader Extensions. The latter is expensive server-based software.
  A signature field can be set up so that the document is locked to further changes once it is signed, but this involves the user selecting the option or you can pre-configure the document (signature field, specifically) with a bit of JavaScript so it will always be locked after signing.
  The external users will be able to validate the signature (with Acrobat/Reader) and print if you haven't restricted printing.

• Digital Signature crashes Acrobat 9 Pro

  An error occurs when trying to Sign any PDF document, even when opening a very simple, one word (Times New Roman text only) PDF document. After opening the PDF in Acrobat Pro (WinXP Pro SP3), selecting Sign, Sign Document, Acrobat allows proper placement of the signature box, and accepts the password for the selected Signature ID. When <Sign> is then selected, Acrobat offers to save the document, and when the save location (any location) is selected, Acrobat returns the error below.
  Adobe Acrobat 9.3 has encountered a problem and needs to close. We are sorry for the inconvenience.
  Error Signature
  AppName: acrobat.exe AppVer: 9.3.2.163 ModName: acrobat.dll
  ModVer: 9.3.2.163 Offset: 00135fb9
  The same source PDF document can be modified, or password protected, and then saved without a problem. Only when a digital signature is applied does the error occur. Acrobat has successfully Signed and saved documents on this PC previously, but starting experiencing this error about week ago. I have uninstalled Acrobat, reinstalled ver. 9.0 and applied the two updates to 9.3.2, and have generated new Digital Signatures, all with the same resulting error when signing a document. The new, signed PDF document is actually created, and a Digital Signature is found in the document, but is invalid, reporting:
  Error during signature verification.
  Signature contains incorrect, unrecognized, corrupted or suspicious data.
  Support Information: SigDict /Contents illegal data
  I have tried the troubleshooting steps in http://kb2.adobe.com/cps/403/kb403613.html, but without any progress; the error continues to remain. Any advice on how to resolve this will be greatly appreciated.  Thanks.

  Hi Mike,
  After the Save As operation was done, did you see the signature appearance displayed in the signed signature field before you closed the doc? And if did see the signature appearance, did you happen to notice if there was a green check mark displayed in the blue message bar at the top of the file?
  Thanks,
  Steve

• Acrobat 9,10 failing to validate digital signature while Acrobat 8 validating it.

  I am facing an issue while validating a digital signature. I applied a certified signature with “Annotation, form fill-in, and digital signatures” but
  when I apply Redaction “find and permanently remove” on a digitally signed document, Adobe Acrobat 9 and 10 complains that signature is Invalid But Adobe 8 is validating it. I have analyzed  that Adobe Acrobat applying Redaction in append mode and original content of signature  remains unchanged after Redaction.
  Can someone let me know what should be the actual behavior?
  Why Adobe Acrobat 9 and 10 failing to verify the signature even Adobe Acrobat keep enable Redaction which means it is allow to apply in a certified signed document with “Annotation, form fill-in, and digital signatures” option.
  Prompt responses are greatly appreciated!!

  When you sign, you should see where you can select the signature appearance name from a dropdown in the dialog.

• How to format the text  in a Digital Signature for a PDF in landscape orientation?

  I have a custom Digital Signature plug-in which prompts the user to enter few details on a dialog and then renders the signature. Now, the problem is for a page which has PDPageGetRotate value as 90. In this case, the entire content(text) in the signature is rendered reversed i.e its displayed upside down. However, for a page in portrait mode, i.e with rotation value as 0, signature is correctly displayed.
  Can anybody help me by explaining which callback/method to use to frame the text appearance? I think there needs to be some change in the parameters passed to DigSigAPCreateLayeredStreamEx, am i correct?
  Let me know any comments/suggestions on this issue of correctly rendering text in a digital signature for a rotated page.

  Just setup the appropriate transformation matrix.

• Loading Invoice XML IDoc with digital signature via XI into R/3

  Hi,
  I received an Invoice XML IDoc with digital signature via Mail (for test purposes) and want to load it via XI into an R/3 systeme.
  My idea is to load the Invoice XML IDoc file via the File Sender Adapter into XI and send it to the R/3 system via the IDoc Inbound adapter.
  Due to the digital signature the file looks like this:
  0‚ S      *†H†÷
      ‚ D0‚ @   1 0       +      0‚ '      *†H†÷
      ‚   ‚   ‚ –0‚ ’0‚ û      etc.
  When I load the file like this with the File Sender Adapter, an error message occurs in the XI Monitoring as the XML Parser cannot read the file due to the digital signatur (as expected).
  Has anybody an idea how I can configure the File Sender Adapter Communication Channel to be able to load only the XML IDoc and ignore the digital Signature strings?
  Thanks in advance for your support.
  Alex

  BTW
  do use the second way you need:
  Security Settings for the Sender Mail Adapter
  http://help.sap.com/saphelp_nw04/helpdata/en/27/c0524257a1b56be10000000a155106/content.htm
  and
  Key Storage Service
  http://help.sap.com/saphelp_webas630/helpdata/DE/e9/a1dd44d2c83c43afb5ec8a4292f3e0/content.htm
  apart from adapter module config
  Regards,
  michal

• Fire fox is not reading my XML file for digital signature

  I have to upload the xml file in www.incometaxindiaefiling.gov.in by digitally signing the xml file. When I click on the tab for digital sign, the message come " cannot read the xml file"

  Not the sort of thing it is easy to help with as by definition it will not be a public site but one for Indian Taxpayers, and can be expected to be secure.
  Have you tried using Internet Explorer.
  You could try attaching screen shots of the problem pages and any error messages, but please be careful and edit out any confidential or sensitive information before attaching such an image.
  Please remember you are posting on a public and websearch indexed website, this is not a private support ticket.
  *link is https://support.mozilla.org/en-US/questions/968557
  Are you seeing a shield icon in your location bar as explained in this article
  * How does content that isn't secure affect my safety?
  That is rather a longshot as it is a change in Firefox so could affect you this year, but would not have affected you last year.
  * see [[How does content that isn't secure affect my safety?]]
  I note the public portion of the site
  * https://incometaxindiaefiling.gov.in/
  * talks about 'e-Filing' and 'Option 1: Use Digital Signature Certificate (DSC)' and then gives two other alternatives
  Other possibilities
  *[[Troubleshoot the "Secure Connection Failed" error message]]