Applies to version: 2020.1.x and above; author: Marcin Pisarek
From WEBCON BPS 2020, you can sign PDF and/or DOCX attachments on the MODERN form. To do so, you need to use digital signatures (x.509 certificates).
This article describes two actions:
Detailed information about signing attachments and digital signature you can find at Applying digital signatures to attachments.
A simple workflow was configured:
Fig. 1. Workflow configuration – schema
The workflow consists of the following steps:
The “Sign an attachment” and “Verify attachment’s signature” actions will be configured in the “Verification” step.
Configuration of the “Sing an attachment” action
Signing of the attachment by a user is possible only within the context menu of the individual attachment. This signature is implemented for individual attachments.
The “Sign an attachment” action is configured in the “Attachments menu”. Notice, that the action name will be displayed in the attachment context menu from the form level. After adding the “Sign an attachment” action, go to their configuration by using the “Configure” button.
Fig. 2. Configuration of the “Sign an attachment” action
In the configuration of the action select the “Signature performed by the user”. By default, the signed file will have the same name, category and description as the source file – in this case the new version of this attachment will be created. The system allows you to change the method of converting the file in the “Configuration of signed attachments” section.
Verification of the “Sign an attachment” action
To use this action you need to open the form from the Internet Explorer (requires using the Active-X component).
To sign the attachment, the user must expand the context menu and select the signature action. For the above configuration this action is available in the “Verification” step.
Fig. 3. The form – selecting the “Sign an attachment” action from the context menu
Then a window will appear where you indicate the selected digital signature (x.509 certificate) with which the attachment should be signed.
Fig. 4. The form – selecting the digital signature
After selecting the certificate, the attachment will be electronically signed when the certificate is compatible with the publisher’s filter set.
Fig. 5. The form – a message about completing the “Sign an attachment” action
The signed file can be also verified in the PDF document viewer. For the signed attachments the “Signatures” section will be displayed.
Fig. 6. The attachment – sign verification in the PDF viewer
The verification process allows you to check the certificate publisher and digital signature parameters (the validation date, publisher trust etc.)
This action can be configured for the context menu of the individual attachment in the “Attachments menu” option or on the transition/final path. After adding this action on the “Verified” path, go to their configuration by using the “Configure” button.
Fig. 7. Configuration of the „Verify attachment’s signature” action
The configuration of the action was divided into three sections:
Attachments to be processed
The method of selecting the attachment for which the verification will be performed. It can be realized based on the category, regular expression or SQL query.
This section defines the following parameters: validation level, certificate publisher filter.
There are two validation levels:
In the “Certificate issuer filter” field the certificate publisher is defined. This option allows you to select only the trusted publisher – in our case, it is the digital certificate.
In the “Behavior” field there are two options:
Verification of the “Verify attachment’s signature” action on the MODERN form
To verify the digital signatures, go through the path on which the “Verify attachment’s signature” action is defined or by using the context menu of the individual attachments.
For the above configuration, the action is available on the “Verified” path in the “Verification” step. By going through the path, the action of verification will be performed and the instance will move to the “Archive” step. The result of the configuration will be saved in the indicated form fields in the configuration of the action.
Fig. 8. The form – result of the configuration