Digital Signature Help

[Alex Anderson]

Everyone,

My setup is Inforpath 2007, SQL 2005 backend, no sharepoint or forms
service. I'm trying to implement a workflow so that when my user fills out
their portion of the form, then the form is sent back to me for review, and
if approved I sign it. I got my form pretty much set up with different
sections however in attempt to test out the digital signatures, when I submit
the form, I'm getting an error "This value has been digitally signed and
cannot be changed." Is this a limitation to how my envirnoment is set up or
am I doing something wrong?

Thank you
Alex Anderson

 

[Alex Anderson]

I have more information on my "potential problem."

It appears that the information is being submitted to the SQL database,
however Infopath is telling me that there were errors? Are there really
errors or is this a bug? Again the only error it's telling me is "This value
has been digitally signed and cannot be changed." I think this can be
confusing to my users because it raises a flag that the submission didn't
work. Help!

Thank you
Alex Anderson

 

[K Dales]

Are you indeed changing data that has already been signed?

You may know this already, but in case you don't: digital signatures do not
only stamp the form with the user's credentials and a datetime stamp, they
also make sure the data on the form has not been changed since it was signed.

 

[Alex Anderson]

K Dales:

Thanks for the reply. I'm baffold because I cannot find any programing I've
put into my form nor can I find anything suspecious under Logic Inspector.
I've changed around my database quite a bit and I'm wondering if Infopath
ghosts old settings by chance? Basically, do I need to go through the code
with a find tooth comb and find any that could be being updated regardless if
I hit the submit button or not? My form is a trusted (not fully trusted)
from with a digital signature I created throuhg my CA authority. That has
nothing to do with it? I've read that one of the benefits of going to a
fully trusted form are the annoyning error or informational warnings that
appear. I have not tried a full trusted form because of the process
Microsoft wants you to take to make one. It's quite involved and error
prone. Thanks for your help!

Thank you
Alex Anderson

 

[K Dales]

"I've changed around my database quite a bit" may be the problem. Infopath
itself would not "ghost" any settings but the digitial signature does capture
the "state" of the data at the time it is signed. Digital signatures - by
design - are meant to prevent changes after the data is signed.

It works like this: when someone signs the data, all the existing data on
the form is encrypted using that person's certificate. This gives an encoded
value that gets stored with the digital signature. When another user "reads"
the signature, the encrypted value is again computed using the certificate's
public key. If all the data is the same as when the form was signed, the
values match and the signed form is verified. If any of the data has changed
- if any of it was edited, or erased, or also (I presume) if the database
structure was changed, the signature will no longer be validated. Like I
said, this is by design - if you sign a contract, you don't want your
signature to be validated on a changed version of that contract, do you?

So I think this is what you are seeing - your changes may have invalidated
all the prior signatures. However, I don't have enough experience working
with signatures in InfoPath to be able to tell you how to work around this -
maybe some other user can help you.

 

[Alex Anderson]

K Dales:

Thanks for the information regarding signatures. You've led me (I think) in
the right direction because I do have two signatures on the form. Basically
my users sign their portion they fill out then it's sent over to me for
approval, thus I put my signature and submit the information. Perhaps I need
to rethink the workflow of this and make sure my type of signing (co-signing,
or counter-signing) is correct for what I'm trying to accomplish. I believe
right now, both my signatures on my form are co-signing format. I'll relook
at my format. Thanks again for your help.

Thank you
Alex Anderson