About digital signatures

Microsoft Office InfoPath


Microsoft Office InfoPath 2003 uses XML Signatures to enable you to digitally sign a form using a digital certificate. The certificate used to create this signature confirms that the form originated from the signer, and the signature confirms that it has not been altered.

Obtaining digital certificates

You can obtain a digital certificate from a commercial certification authority, such as VeriSign, Inc., or from your internal security administrator or Information Technology (IT) professional. Or you can create a digital certificate yourself by using the Selfcert.exe tool.

InfoPath will use only certificates that have a private key and that have a Digital Signature value for the Key Usage attribute. In addition, the purpose of the certificate should be Client Authentication. These restrictions are a result of InfoPath's use of XML Signatures for digitally signing forms. Other types of certificates that are valid in other Microsoft Office applications may not be valid for digital signing in InfoPath.
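
The following PowerShell is an added example, not part of the original InfoPath documentation. It lists the certificates in the current user's Personal store and reports which of them meet the three criteria above (private key, Digital Signature key usage, Client Authentication purpose). It assumes that a certificate with no Key Usage or Enhanced Key Usage extension does not qualify, which may be stricter than InfoPath's own check.

```powershell
# Added example: audit the current user's Personal store against the
# certificate criteria described above. Read-only; nothing is modified.
$x509Ns        = 'System.Security.Cryptography.X509Certificates'
$digSigFlag    = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # standard OID for Client Authentication

Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # Key Usage extension: must include the Digital Signature bit.
    $ku = $cert.Extensions |
        Where-Object { $_.GetType().FullName -eq "$x509Ns.X509KeyUsageExtension" } |
        Select-Object -First 1
    $hasDigSig = $false
    if ($ku) { $hasDigSig = (($ku.KeyUsages -band $digSigFlag) -eq $digSigFlag) }

    # Enhanced Key Usage extension: must list Client Authentication.
    # Assumption: a missing extension is treated as "does not qualify".
    $eku = $cert.Extensions |
        Where-Object { $_.GetType().FullName -eq "$x509Ns.X509EnhancedKeyUsageExtension" } |
        Select-Object -First 1
    $hasClientAuth = $false
    if ($eku) {
        $hasClientAuth = [bool]($eku.EnhancedKeyUsages |
            Where-Object { $_.Value -eq $clientAuthOid })
    }

    # A self-signed certificate has identical subject and issuer names.
    $selfSigned = ($cert.Subject -eq $cert.Issuer)

    [pscustomobject]@{
        Subject          = $cert.Subject
        NotAfter         = $cert.NotAfter
        HasPrivateKey    = $cert.HasPrivateKey
        DigitalSignature = $hasDigSig
        ClientAuth       = $hasClientAuth
        SelfSigned       = $selfSigned
        MeetsCriteria    = ($cert.HasPrivateKey -and $hasDigSig -and $hasClientAuth)
    }
} | Format-Table -AutoSize
```

Rows where SelfSigned is True correspond to the self-signed case covered in the note that follows.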

Note  Because a digital certificate you create yourself is not issued by a formal certification authority, forms signed by using such a certificate are referred to as self-signed forms. Certificates you create yourself are considered unauthenticated and will generate a security warning if the security level is set to High or Medium. InfoPath trusts self-signed certificates only on computers that have the private key for that certificate available (usually, this is only the computer that created the certificate, unless the private key is shared with other computers).

Commercial certification authorities

To obtain a digital certificate from a commercial certification authority, such as VeriSign, Inc., you or your organization must submit an application to that authority.

To learn more about certification authorities that offer services for Microsoft products, see the Microsoft TechNet Security Web site.

Depending on your status as a developer, you should apply for a Class 2 or Class 3 digital certificate for software publishers:

  • A Class 2 digital certificate is designed for people who publish software as individuals. This class of digital certificate provides assurance about the identity of the individual publisher.
  • A Class 3 digital certificate is designed for companies and other organizations that publish software. This class of digital certificate provides greater assurance about the identity of the publishing organization. Class 3 digital certificates are designed to represent the level of assurance provided today by retail channels for software. An applicant for a Class 3 digital certificate must also meet a minimum financial stability level based on ratings from Dun & Bradstreet Financial Services.

When you receive your digital certificate, you are given instructions on how to install it on the computer you use to sign your InfoPath forms.

Internal certification authorities

Some organizations and corporations might have a security administrator or group act as their own certification authority and produce or distribute digital certificates by using tools such as Microsoft Certificate Server. Microsoft Certificate Server can function as a stand-alone certification authority or as part of an existing certification authority hierarchy. Depending on how Microsoft Office digital-signature features are used in your organization, you might be able to sign forms by using a digital certificate from your organization's internal certification authority. Or you might need to have an administrator sign forms for you by using an approved certificate. For information about your organization's policy, contact your network administrator or IT department.