Chapter 14, Security, Control, and Digital Signatures
XFA Specification
Signed Forms
409
repudiability is described in the PDF Reference [PDF] and in A primer on electronic document security [ElectronicSecurity]. Using XML digital signatures to establish non-repudiable documents is beyond the scope of this specification.
Usage Rights Signatures (Ubiquitized Documents)
Usage rights signatures are a PDF feature that enables additional interactive features that are not available
by default in a particular viewer application (such as Adobe Reader). Such a signature is used to validate
that the permissions have been granted by a bona fide granting authority and to determine which
additional rights should be enabled if the signature is valid. If the signature is invalid, either because the
document has been modified in a way that is not permitted or because the identity of the signer has not been
granted the extended permissions, the additional rights are not granted.
Usage rights signatures are applied as described in “Adding a PDF digital signatures to an existing template” on page 406.
XML digital signatures do not specify usage rights.
XML Digital Signatures
XFA specifies the structures used to support XML digital signatures. One structure specifies the
signature-related operation the XFA processing application should perform and the other contains the
result of a signing operation — an XML digital signature. An XFA processing application produces an XML
digital signature when the person filling out a form activates an event that contains instructions for
producing a signature.
The structure that specifies the signature-related operation is an XFA template element (signData). This structure provides operations for signing a form. It also provides operations for verifying and clearing existing signatures. The operation to perform is determined by the operation subproperty. When the value of operation is sign the effect is to create the signature. When the value is verify the effect is to verify the data against the signature and generate a message if it does not match. Scripts can also manipulate XML digital signatures using methods of the xfa.signature object.
The structure that contains the result of a signing operation (Signature) is an XML element that resides outside the template namespace. [XMLDSIG-CORE] defines how digital signatures are produced and how they are represented in a Signature property, with the following additions: XFA augments the Signature object with information that allows XFA processing applications to verify and clear the signature. This additional information is discussed in “Template Provides Instructions on Signature Operation” on page 412.
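The following is an added example, not part of the specification: a small Python audit that lists every signData element in a template, the event and field that trigger it, and whether its operation value is a recognized one. The template fragment is constructed and simplified, the namespace version is an assumption, and "clear" is assumed as the value name for the clearing operation mentioned above.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified XFA template fragment (not taken from the specification).
# The version in the namespace URI is an assumption; matching below ignores namespaces.
SAMPLE_TEMPLATE = """\
<template xmlns="http://www.xfa.org/schema/xfa-template/3.3/">
  <subform name="form1">
    <field name="SignButton"><ui><button/></ui>
      <event activity="click"><signData operation="sign"/></event>
    </field>
    <field name="VerifyButton"><ui><button/></ui>
      <event activity="click"><signData operation="verify"/></event>
    </field>
    <field name="OddButton"><ui><button/></ui>
      <event activity="click"><signData operation="resign"/></event>
    </field>
    <field name="Amount"><ui><numericEdit/></ui></field>
  </subform>
</template>
"""

# "sign" and "verify" are named in the text; "clear" is assumed for the clearing operation.
KNOWN_OPERATIONS = {"sign", "verify", "clear"}


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def audit_sign_data(template_xml):
    """Return one record per signData element, in document order."""
    root = ET.fromstring(template_xml)
    parent = {child: p for p in root.iter() for child in p}
    records = []
    for el in root.iter():
        if local_name(el.tag) != "signData":
            continue
        event = parent.get(el)
        in_event = event is not None and local_name(event.tag) == "event"
        owner = parent.get(event) if in_event else None
        operation = el.get("operation")
        records.append({
            "owner": owner.get("name") if owner is not None else None,
            "activity": event.get("activity") if in_event else None,
            "operation": operation,
            "known": operation in KNOWN_OPERATIONS,
        })
    return records


if __name__ == "__main__":
    for record in audit_sign_data(SAMPLE_TEMPLATE):
        print(record)
```

When the template comes from an untrusted PDF, parse it with a hardened XML parser rather than the standard-library default.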
Signing a Form
An XFA processing application produces an XML digital signature in response to a user activating an event that contains a signData property with an operation property of "sign". Such an event is usually activated by the user clicking a button. In response to the event activation, an XFA processing application performs steps such as the following, although the exact steps are application-dependent:
1. Initiate a dialog with the person filling out the form to determine which of the user’s private certificates
should be used to produce the signature. Typically certificates are used only when the application and
handler specify a signature algorithm that supports a public key-based signature algorithm.