Chapter 14, Security, Control, and Digital Signatures
XFA Specification
Signed Forms
Figure: Role of <signData> and <Signature> in producing a digital signature

<event activity="click">
    <signData operation="sign">
        ...
    </signData>
</event>

Figure labels, in flow order:
User clicks the button associated with the event
<signData>: Data and other items specified in manifest. Data includes all or part of any of the objects (packets) normally written out as XDP. For example, the manifest may specify only part of the data object or it may specify all of the objects.
optional
XFA processing application:
a. Transformations
b. Canonicalization algorithm
c. Signature algorithm (handler)
<Signature>
Public key certificate and personal info
Removing a Signature
An XFA processing application removes an XML digital signature in response to a user activating an event that contains a signData property with an operation property of "clear". Such an event is usually activated by the user clicking a button.
In response to such an event being activated, the XFA processing application removes the signature simply by stripping out the signature object. This can be done by anyone with access to the document. Hence, signatures are hard to apply (i.e. they require possession of private keys to apply) but they are easy to remove.
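What easy removal means for a relying party, as an added example that is not part of the XFA specification: a receiver that expects a signed form has to reject a document with no signature object instead of treating it as having nothing to verify. The XDP sample, the `#formData` reference and the function names are constructed for illustration, and the check covers presence and coverage only, not cryptographic verification.

```python
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"  # W3C XML-Signature namespace

# Constructed sample: a minimal XDP carrying one signature over "#formData".
SIGNED = """<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/">
  <xfa:datasets xmlns:xfa="http://www.xfa.org/schema/xfa-data/1.0/">
    <xfa:data><form1 id="formData"><amount>100</amount></form1></xfa:data>
  </xfa:datasets>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo><Reference URI="#formData"/></SignedInfo>
    <SignatureValue>CONSTRUCTED</SignatureValue>
  </Signature>
</xdp:xdp>"""

# Constructed sample: the same form after the signature object was stripped out.
STRIPPED = SIGNED[:SIGNED.index("<Signature")] + "</xdp:xdp>"


def signature_coverage(xdp_text):
    """Return one list of Reference URIs per <Signature> element found."""
    root = ET.fromstring(xdp_text)
    return [
        [ref.get("URI", "") for ref in sig.iter(f"{{{DSIG_NS}}}Reference")]
        for sig in root.iter(f"{{{DSIG_NS}}}Signature")
    ]


def check_signed_policy(xdp_text, required_uris):
    """Fail closed: reject a form that must be signed when no signature is
    present, or when a required URI is not referenced by any signature."""
    coverage = signature_coverage(xdp_text)
    if not coverage:
        return (False, "no signature present (possibly stripped)")
    covered = {uri for refs in coverage for uri in refs}
    missing = sorted(set(required_uris) - covered)
    if missing:
        return (False, "not covered by any signature: " + ", ".join(missing))
    return (True, "signature present; cryptographic verification still required")


if __name__ == "__main__":
    print(check_signed_policy(SIGNED, ["#formData"]))
    print(check_signed_policy(STRIPPED, ["#formData"]))
```

The policy of which parts must be signed lives outside the document, because anything stored inside the document can be stripped along with the signature.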
Verifying a Signature
An XFA processing application verifies an XML digital signature in response to a user activating an event that contains a signData property with an operation property of "verify". Such an event is usually activated by the user clicking a button.
In response to such an event being activated, the XFA processing application invokes the signature
handler, specifying that signature verification is desired and supplying a pointer to the signature object.