Digital Signatures with PIX and MS IAS

Does the PIX support simple digital signatures? I would like to find a away for an IAS server and a PIX to exchange signed packets.
In particular I am trying to increase the security of the initial PAP shared key exchange during user authentication.
Any help is appreciated. I am coming at this from a windows background.
TIA - Willem

I believe PIX supports simple Dig Sig.

Similar Messages

  • A way to clear digital signatures with presence = "hidden"

    LCD 9, Dynamic forms using digital signatures, Reader 9x
    I discovered this by accident, so wondering if this is a design feature or a bug.
    I have a dynamic form and have sub-forms throughout it.  I create a flowed subform for my digital signature that has fields to collect information and then place a fixed subform inside that that actually contains the signature field.
    Page1 (flowed)
    - SignatureBlocks (subform - flowed)
                    - Field1 (textfield)
                    - Field2 (textfield)
                    -InitSig (subform - flowed)
                                    -Field3 (textfield)
                                    -Field 4(textfield)
                                                    -FixedSub (subform - fixed)
                                                                    -DigitalSig (signature field)
                    -ReviseSect1 (checkbox)
                    -CALCchkRevise (checkbox – calculated read only)
    DigitalSig locks down various fields in the form.
    My problem has always been that when the form goes to the next person for review there was no option to push the form back a state and allow the prior user to change info that was locked by DigitalSig.  Until I discovered this:
    If I place a checkbox (ReviseSect1) outside of “InitSig” subform and then run a calculation checkbox (CALCchkRevise) that sets the PRESENCE to “hidden” for InitSig if ReviseSect1 == 1, then toggle ReviseSect1 back to 0 my digital signature is cleared and thus all fields that were locked are now un-locked!
    CAR-1601-FM01.Section1.SignatureBlocks.CALCchkRevise::calculate - (JavaScript, client)
    if(ReviseSect1.rawValue == 1)
        SignatureBlocks.InitSig.presence = "hidden";
    else
        SignatureBlocks.InitSig.presence = "visible";
    Is this a design feature or a bug?  I like it as I now can have a reviewer toggle the ReviseSect1 checkbox which erases the digital signature and thus opens all those locked fields back up for editing.  Before I push this throughout my form (which has many signatures and review cycles) I want to be sure this is not a fluke that will go away when Adobe pushes its 1,037th update for the week for Reader.  If you hide a subform that contains a digital signature then un-hide it is it the design feature of hidden/visible to clear the signature?  Or is this a bug that will be patched?

    A better way is to set two codes on the ReviseSect1 checkbox.  CLICK sets the subform invisible and also sets the value of the checkbox to 0 (so that the user does not come back to un-click it and wipe out the signature again).  Then put a MOUSE EXIT code that sets the subform to visible.  In that way the user clicks the box and the signature subform hides, erasing the signature and un-locking the fields.  As soon as they mouse out of the checkbox the subform with the signature becomes visible again.  Nice.

  • Digital Signatures with SmartCards.

    Hi guys,
    Has anyone implemented in R/3 digital signatures with smartcards?
    Currently I'm at customer side trying to implement digital signatures within workflow processes using ABAP SSF functions. The smartcard devices are already installed, but I can't read the data inside the smartcard, moreover, I can't link the smartcard device with R/3 and I don't know how to do it…
    I read in some Weblogs and documents that it is necessary a SAP-certified external security product. I believe this external security product is the software that comes inside of smartcard drivers CD. It is something like a little application on which we can sign in data and put our fingerprint.
    I guess it is not supposed to develop an interface application between smartcard and R/3! When I started these developments I thought that I only needed to configure some environment variables to connect these devices with R/3 and then develop the ABAP flow logic with SSF Functions - Am I right?
    Can anyone provide me some guidelines for this issue?
    Thanks in advance,
    Ricardo.

    The SmartCard device is present at the frontend PC - and that's the place where the digital signature operation has to take place. Important is the "What You See Is What You Sign" principle: it has to be ensured that the data that is to be signed (using the private key stored on the SmartCard) is exactly the same as the one that is displayed to the user.
    Notice: there is a different scenario where the server is signing the data (after prompting the user for userID and password and validating that information).
    The signed data is then transported back to the server where it is stored (to ensure auditibility); usually you'll have to keep the (archived) data for years; the public key need to be archived as well.
    Notice: it is possible to attach the certificate (-> public key) which has been used to sign the data to the signed data.
    Regards, Wolfgang

  • Can't create a digital signature with acrobat 8

    We have acrobat 8.  My husband has a digital signature but when I try to electronically sign, his digital signature pops up and does not give me the option to create my own.  How can I create my own digital signature on this software?

    I don't have Acrobat 8, but in Acrobat 7 & 9 it's under "Advanced > Security Settings", which prings up a window where you can add a digital ID.

  • Digital Signature with Password

    I created a digital signature with a password. Now, I've forgotten my password. How do I reset it so I can use it?

    You can't reset it. Create a new signature.

  • Digital signatures with different versions of Reader

    I have created a form which requires a digital signature for approval. Typically, an employee will complete the form in Reader and forward it to a supervisor for approval. The supervisor needs to sign it digitally and forward it to me.
    The issue we are having is with those employees who are completing the form in Reader and the supervisor (or someone thereafter) has a more updated version of Reader and cannot sign the document. What can we do to stop this from happening? There is no practical way to keep everyone on the same version of Reader. We will have many more forms which require a signature, and we need this issue resolved. (I am using Adobe Acrobat 9 Pro to create the forms.)
    Also, is there a way to verify the digital signature without using a third-party source? At this point, we know anyone can create a digital signature using someone's hand-written signature they found on another paper and we would like to prevent this from happening. We need to validate the person who used the digital signature is really that person.
    Any help is appreciated! Thank you!

    If you are creating your forms in Acrobat 9 Pro. and then Reader-enabling them for digital signatures, then recipients of the form will need to use at least version 8 of the Adobe Reader. Also, you'll need to do a few things during the authoring stage of your form, if your form changes by role (i.e., additional data is entered, annotations, or multiple signatures). Mainly you'll need to use a certification sig. for the first signature and set permitted changes after certifying.
    You can find a lot more detail on best practices on developing forms for multiple signatures in the Digital Signature User Guide at:
    http://www.adobe.com/devnet/acrobat/pdfs/acrobat_digsig_userguide_90.pdf
    The guide also explains how to validate documents (authenticity validation and document integrity validation).

  • Digital Signatures with Adobe Reader

    So i created an adobe form with acrobat 9 and sent it out for all to digitally sign.  about half are getting an error when they try to sign it.  "The credential selected for signature is invalid"
    We are a government agency and use Common Access Cards (CAC) certificates to digitally sign with. 
    i was hoping someone out there could either point me to a good recource for adobe and digital signatures or to a possible fix. 
    now we have narrowed it down to the problem being with the specific machine.  the user can digitally sign the document on another machine, but not on thier own machine.  Also, no one else can sign the doc on thier machine either. 
    Thanks in advance!

    issue still exists.  ive been searching for some info on how adobe handles digital signatures, like what folders are created on the machine.  im thinking maybe i can clear out the app data for acrobat or something.  im at a loss at the moment.

  • Digital Signatures: Multiple Tasks and Signers

    Hello, All-
    Context: We have a repair and overhaul operation that has several technicians performing maintenance. Basic workflow: product comes in, gets the paperwork for the specific maintenance, and then travels through the facility to be broken down, serviced, rebuilt, tested, and returned to service. We would like the "paperwork" to be all electronic (which we can do with Acrobat by using PDF documents), but there are several tasks that require a technician's signature. Not a digital signature for the WHOLE document, just a task in the document.
    Objective: Multiple technicians signing off on mutilple tasks, all in one document.
    Questions: Can we modify the document (i.e., add/insert pages) in Acrobat after a digital signature is applied using the Reader? Do those signing off on the tasks only need the Reader to create and apply the signature files? Can multiple signature files be stored in a centralized location, since technicians use work station machines (rather than a computer issued specifically to them)?
    Doing some investigation for the best solution. Sorry for the series of long questions.

    > "No. However, this can't be done in Reader under any circumstances... Reader is just that, a reader of PDF files. It can't edit them in any meaningful way, like add new pages (unless a special template was set up for this purpose)."
    - I should have clarified: we would like to modify the document using the full Acrobat Suite after digital signature. Signing once locks the entire document from further edits.
    > "Not 100% sure about that, but I think the answer is no. Signatures have to located on the local machine."
    - That's a problem: then every technician needs a digital signature on every machine. Not suitable at an enterprise/department level.
    I just found an answer to the basic concept, as it was answered just yesterday (http://forums.adobe.com/thread/1338837): I can leverge the Stamp feature and create a custom stamp to act as a signature. I can still modify the document after applying the stamp.
    Now the test: can others remove my stamp?
    Edit: Thanks for the help, BTW. I see you edited your answer to question #1. Again, maybe the stamp feature is sufficient?

  • Xfa Form, Digital Signatures, file attachments and Reader 9

    Hi,
    In reader 8 and previous, when i wanted to have a form that could be signed, passed to the next persons, added attachement signed, repeat, while maintaining the signatures valid, i could.
    Since we updated to reader 9.12 all previously signed documents appear with invalid signatures and if i try to attach a file, the add button just isn't there.
    If i follow he following steps:
    Server side:
    - Create PDF from xdp + xml (using forms).
    - Assign Form Fillin, Digital Signatures and File Attachment (using Reader Extentions)
    Client side:
    - Populate the Form data
    - Attach files
    - Certifiy
    - Sign (multiple Signatures)
    It works fine, but it isn't the workflow i had in previous versions.
    The workflow i have here is:
    Server side:
    - Create PDF from xdp + xml (using forms).
    - Assign Form Fillin, Digital Signatures and File Attachment (using Reader Extentions)
    Client side:
    - Populate the Form data
    - Attach files
    - add Signature (only locks a collections of form fields)
    - Repeat until everyone has attached their files and signed.
    The problem is that this worked fine in versions before 9 (all digital signatures here validated with the yellow exclamation mark indicating new content), but in 9 and up what i get, after validating the signatures in reader, is a information indicating that the signatures are invalid because the document is either corrupt or has been changed.
    Is this a bug or has this been changed from version 8 to version 9?
    I've read the changelist of reader 9 and it talks nothing about this situation or Digital Rights other than form fillin, annotations and digital signtatures (the ones we can choose in the certification wizard of Acrobat Pro).
    Any idea if its possible to implement the second scenario in reader 9, or even if its possible? Is there a guide on the practices Adobe garaties will allow to validate signatures in the following years? Even if it means usings PDFA.
    Thanks in advance.

    One last try.
    You help would really be welcome in finding out the root cause of the difference in behaviour between reader 8 and 9 in this matter (bug or change).
    I have no idea what documentation to read (since i've read the launch documentation and change list documentation) about reader 9, i've contacted Adobe 3 days ago (and the answer is silence, like usuall) and have no clear thought about what to say (without taking a huge risk by giving a uninformed answer) about this issue.
    Thanks.

  • Digital Signatures with Smart Cards

    Hi folks,
    It is my first time with digital signatures on R/3 system. I’m at customer that uses smart cards (hardware cryptography). We are doing the SAPCRYPTOLIB and front end installations. After finish these tasks, we need to implement the signatures into 3 workflow processes. I already read the SSF programmers guide, API specifications and SSF user guide. But I still have some doubts:
    The SSF profile is stored into smart card with private key information, but where are the public keys stored? (PAB – Private Address Book of my trusted circle).
    Do I need the CRLs? Note: this is only for workflow processes that run inside of customer landscape; this is not a B2B scenario.
    We don’t have clear yet how we sign the data; we are thinking sign a BOR object. Create an attribute and use it to pass the signer data. Note: for the customer, the objective is user authenticity guarantee.
    The BOR object instance ends when the flows finish, so wee need to store the signed data for auditable reasons. A database table can be a good approach or there is another standard way?
    P.S.: anyone have documentation about this subject, something like how-to with guidelines?
    Thanks in advance,
    Ricardo.
    Message was edited by:
            Ricardo  Quintino

    The SmartCard device is present at the frontend PC - and that's the place where the digital signature operation has to take place. Important is the "What You See Is What You Sign" principle: it has to be ensured that the data that is to be signed (using the private key stored on the SmartCard) is exactly the same as the one that is displayed to the user.
    Notice: there is a different scenario where the server is signing the data (after prompting the user for userID and password and validating that information).
    The signed data is then transported back to the server where it is stored (to ensure auditibility); usually you'll have to keep the (archived) data for years; the public key need to be archived as well.
    Notice: it is possible to attach the certificate (-> public key) which has been used to sign the data to the signed data.
    Regards, Wolfgang

  • How to validate XML Digital Signature with XML DB (o PL/SQL) in Oracle 11g

    Hi,
    Do you know if there is possibility to validate XML Digital Signature using XML DB (or PL/SQL) in Oracle 11g?
    Let say I have CLOB/XMLType containing Digitally Signed XML, and I want to validate, that thsi is proper signature. I also have public key of signer (I could store it in CLOB or file or Oracle wallet).
    Is it possible to do?
    If there is need to install additional component - then which one?
    Regards,
    Paweł

    Hi,
    this is what i got from someone...
    but the links he gave are not opening up...
    u have to place a picture there and have to load the digital signatures as Jpegs on to the server to OA top
    and have to refer them in the XML for dynamically get the signature on the reports
    when u select the properties of the picture placed in the XML template,
    there will be one tab with "URL"... in that u have to give the path for that jpegs
    Pls refer the following documents for enabling digital signature on pdf documents.
    http://iasdocs.us.oracle.com/iasdl/bi_ee/doc/bi.1013/e12187/T421739T481159.htm#5013638    (refer section 'Adding or Designating a Field for Digital Signature'
    http://iasdocs.us.oracle.com/iasdl/bi_ee/doc/bi.1013/e12188/T421739T475591.htm#5013688
    (Implementing a Digital Signature
    Is the BI Publisher installed on your instance of version 10.1.3.4 or higher?
    Pls procure a digital signature as soon as possible. The process can take time. OR we could use any certificate that you already might have OR generate a certificate using Oracle Certificate Authority for demo.

  • Digital Signature with Flex

    Hi,
    I'm developing a secure flex application in order to mantain user and password catalog, i need to create SSL Transport channel and a non-repudiation request mechanism. I already review that i could achieve first with HTTP Service for SSL and the second with XML Digital Signature but only i find java and .NET APIs for last. Is there an equivalent flex mechanism (or Action Script) to achieve XML Digital Signature?
    Thanks in advance.

    Some time ago I was researching for this but never fallowed through it... I can only give some hints I've found during the process, hope they help:
    http://code.google.com/p/as3crypto/ (this is a lib that handles a lot of encryption methods including public encryption)
    http://www.adobe.com/devnet/air/flex/quickstart/xml_signatures.html (this article talks about what your are trying to achieve, but with Air)
    HTH
    Gus

  • Add Digital Signature Using C# and Acrobat SDK

    Hi everybody!
    Please, how can I digitally sign PDF documents using Acrobat Professional 8 API and C# language?
    I know that I need use JavaScript APIs (IAC) but I can't find anything really helpful in the Acrobat SDK Documentation. Could anyone post a sample of how use javascript manipulation inside C# (Framework 2.0), or give me a direction?
    Thank in advance!

    Hi Felipe,
    when i am signing the document.
    I believe i am missing something in my code. After executing the code to sign, when i open it i get "The following signature fields are not signed".
    Please let me know where i m doing wrong?
    Here is my VB.NET Code
    Dim gapp As Acrobat.CAcroApp
    Dim gpddoc As Acrobat.CAcroPDDoc
    Dim jso As Object
    gapp = CreateObject("acroexch.app")
    gpddoc = CreateObject("acroexch.pddoc")
    If gpddoc.Open("C:\Test1.pdf") Then
    jso = gpddoc.GetJSObject()
    jso.SetUserPassword("'testpassword12'")
    'jso.ShowMyMessage("SetUserDigitalIDPath")
    jso.SetUserDigitalIDPath("'c:\\DrTest.pfx'")
    jso.app.execMenuItem("ADBESDK:AddSignature")
    jso.AddSignature(jso)
    gapp.Show()
    and here is the javascript
    // password to use the digital signature
    var sigUserPwd = "UNKNOWN";
    // to test the sample without user input, specify:
    // var sigUserPwd = "testpassword";
    // path to the digital signature file
    var sigDigitalIDPath = "UNKNOWN";
    // to test the sample without user input, specify:
    //var sigDigitalIDPath = "/C/DrTest.pfx";
    // other variables the user can modify
    var sigHandlerName = "Adobe.PPKLite";
    var sigFieldname = "sdkSignatureTest";
    var sigReason = "I want to test my digital signature program.";
    var sigLocation = "San Jose, CA";
    var sigContactInfo = "[email protected]";
    /* Add a menu item for AddSignature */
    app.addMenuItem( { cName: "ADBESDK:AddSignature", cUser: "Add My Signature", cParent: "Advanced",
    cEnable: "event.rc = (event.target != null);",
    cExec: "AddSignature(event.target)" });
    // main function
    AddSignature=app.trustedFunction(function (doc)
    app.beginPriv(); // explicitly raise privilege
    // if sigDigitalIDPath is not spcified, ask for user input
    if(sigDigitalIDPath == "UNKNOWN"){
    var cResponse = app.response({
    cQuestion: "Input your digital ID path:",
    cTitle: "Digital Signature",
    cDefault: "/C/DrTest.pfx",
    if ( cResponse == null) {
    app.alert("No input.");
    return;
    else
    SetUserDigitalIDPath(cResponse);
    // if sigUserPwd is not spcified, ask for user input
    if(sigUserPwd == "UNKNOWN"){
    var cResponse = app.response({
    cQuestion: "Input your password:",
    cTitle: "Digital Signature",
    cDefault: "testpassword",
    if ( cResponse == null) {
    app.alert("No input.");
    return
    else
    SetUserPassword(cResponse);
    // create a new signature field
    var signatureField = AddSignatureField(doc);
    // sign it
    if(signatureField) Sign(signatureField, sigHandlerName);
    app.endPriv();
    // create a signature field in the upper left conner with name of sigFieldname
    function AddSignatureField(doc)
    var inch=72;
    var aRect = doc.getPageBox( {nPage: 0} );
    aRect[0] += 0.5*inch; // from upper left hand corner of page.
    aRect[2] = aRect[0]+2*inch; // Make it 2 inch wide
    aRect[1] -= 0.5*inch;
    aRect[3] = aRect[1] - 0.5*inch; // and 0.5 inch high
    var sigField = null;
    try {
    sigField = doc.addField(sigFieldname, "signature", 0, aRect );
    } catch (e) {
    console.println("An error occurred: " + e);
    return sigField;
    // define the Sign function as a privileged function
    Sign = app.trustedFunction (
    function( sigField, DigSigHandlerName )
    try {
    app.beginPriv();
    var myEngine = security.getHandler(DigSigHandlerName);
    myEngine.login( sigUserPwd, sigDigitalIDPath);
    sigField.signatureSign({oSig: myEngine,
    bUI: false,
    oInfo: { password: sigUserPwd,
    reason: sigReason,
    location: sigLocation,
    contactInfo: sigContactInfo}
    app.endPriv
    } catch (e) {
    console.println("An error occurred: " + e);
    // set a correct password for using the signature, so you can quietly sign a doc.
    function SetUserPassword(pwd)
    sigUserPwd = pwd;
    // set path to the digital signature file
    function SetUserDigitalIDPath(idPath)
    sigDigitalIDPath = idPath;
    Sumit

  • Digital signature with HSM

    Hi all,
    As you know BI Publisher allows applying digital signature on PDF document. It can be configured vai GUI or you can apply digital signature using Java API supplied with BI Publisher. It's quite straightforward procedure. But problems are coming when you try to make the signature complaint with EU Commission Directive 1999/93/EC or similar US legislature. I do not think everyone is interested in all the details. But the difficulties we have confronted with are related to the fact that BI Publisher API can deal only with Private Key and Certificate stored in PKCS#12 storage. And most of Certification Service providers provide all these data in HSM devices that support only PKCS#11 interface and private key is not extractable.
    So questions are:
    -does anyone aware of supported integration of BI Publisher with HSM devices?
    -may be there is any alternative solution to feed BI Publisher with token from PKCS#11 complaint HSM device.
    -Is there certification service providers who provide certificates in PKCS#12 format?
    Thanks in advance,
    Shavkat

    You can't reset it. Create a new signature.

  • Digital Signature with PDF problem

    I followed the steps in Administrator's Guide for Oracle Business Intelligence Publisher to assign PDF files with Digital Signature ,,
    however when i schedule a new job it succeeds but i don't get my digital signature ,, but i get an empty square with nothing written in it.
    however, when i tried to sign my PDF directly form Adobe and it worked ok ,, so there is no problem with my PSK file,,
    i have uploaded an output sample (you can notice the square, where the DS should be, in the top-center area)
    the sample output
    http://www.mediafire.com/?68kt60sxx3i3aie
    i hope there is a solution to this problem ,,
    Regards
    Alaa

    Gerorge, thank you so much.  I have since upgreaded to Pro and am now trying to figure out how to use the digital signatures correctly.  I have sent out a test form and had a coworker complete, sign and send back but when I open up the form it says I have a signature error.  and then i get this pop up when I click on the signature
    What am I doing wrong?  I work in HR and need these to be valid signatures.  Thank you so much in advance!!!

Maybe you are looking for

  • I have a problem 4GS w/IOS 6

    I was recently using the photo app.  It has locked up with the shutter closed and the flash permanently on.  I have turned off the app but the flash stayers on.  I have powered down but the flash stays on.  I have tried a hard off holding down the ho

  • Error executing a query using VPD and BC4J

    Hi all, Our team is developing an application using an Oracle DB 9.2.0.4 and BC4J 10g (9.0.5.16.0) as persistence layer. We also are using the VPD (virtual private database) to have security in the database at row level. The problem we are facing is

  • Java Web Dyn Pro Jump Start

    Forum Members Can you please help me and provide links,documentation(pdfs etc) which would help me get started with a medium complexity java web dyn pro application.? Any information pertaining to Java Web dynpro will be useful. Moderators: Please no

  • How to implement a repaint when the IE window  is max or min  in a applet?

    Hi!! I already did a applet......and it has a button to print the content....when i press the print buttom�.appears a dialog box about that the �Printing will start to print� �OK��Cancel�, I press the yes button and after appears others dialog box ab

  • Images out of focus?

    I've been using ACDSee as a photo viewer/organzer and linking to photoshop for editing.  I recently upgraded to cs5 photoshp and finally decided to try Bridge since I figured the integration would be better and figured bridge would be using the same