48
Table of Contents
iii
Operations on Signatures in Adobe Acrobat X/XI Documents .......................................................................... 92
Certifying an Adobe Acrobat Document – Acrobat X/XI ...................................................................................... 94
Using the Update Acrobat Option in the Graphical Signatures Utility ............................................................ 96
Validating CoSign Signatures Using Adobe Reader X/XI ..................................................................................... 96
Signing an Acrobat Document Using Adobe Reader X/XI ................................................................................... 98
Signing a PDF document Without Using Adobe Acrobat .................................................................................... 98
Signing in Adobe Acrobat/Reader X/XI Using Adobe Roaming ID .......................................................................... 98
Generating a Roaming ID Profile .................................................................................................................................... 99
Signing a Signature Field that Contains a URL ....................................................................................................... 102
Chapter 8: OmniSign – Signing PDF and non-PDF Files ............................................................................... 105
Overview of OmniSign .............................................................................................................................................................. 105
Launching OmniSign ................................................................................................................................................................. 105
Launching OmniSign with a PDF file ........................................................................................................................... 105
Launching OmniSign with a Remote PDF File Using the WebDAV Protocol .............................................. 106
Launching OmniSign with a non-PDF file ................................................................................................................. 106
Getting Started with OmniSign ............................................................................................................................................. 107
Inserting a Digital Signature Field ........................................................................................................................................ 110
Signing an Empty Digital Signature Field .......................................................................................................................... 111
Creating and Signing a Digital Signature Field ............................................................................................................... 111
Inserting an Electronic Signature Field ............................................................................................................................... 112
Signing an Electronic Signature Field ................................................................................................................................. 112
Creating and Signing an Electronic Signature Field ...................................................................................................... 113
Performing a Multi-Page Signature Operation ............................................................................................................... 113
Saving the Signed File ............................................................................................................................................................... 115
Validating All Signatures .......................................................................................................................................................... 115
Viewing Signature Details ........................................................................................................................................................ 115
Performing Operations on a Single Signature Field ...................................................................................................... 117
Configuring Default Signature Settings ............................................................................................................................. 117
Configuring General OmniSign Settings ................................................................................................................... 120
Configuring OmniSign Saving Options ...................................................................................................................... 121
Configuring Default Signature Settings for a Single Signature ................................................................................ 121
Configuring the Signature General Parameters ...................................................................................................... 123
Configuring the Signature Appearance ..................................................................................................................... 123
Configuring Clear Signature Field Policy ................................................................................................................... 124
Configuring Date and Time Format............................................................................................................................. 124
Viewing the Signature Field Size and Position ........................................................................................................ 125
Restoring Default Settings....................................................................................................................................................... 125
Batch Signing ................................................................................................................................................................................ 126
OmniSign Menu Bar................................................................................................................................................................... 126
Chapter 9: The ARFileSign Utility ................................................................................................................... 129
Overview ......................................................................................................................................................................................... 129
Signing TIFF Files ......................................................................................................................................................................... 129
Using ARFileSign for TIFF Files ...................................................................................................................................... 129
Signing XML Files ........................................................................................................................................................................ 130
Using ARFileSign for XML Files ..................................................................................................................................... 130
Signing Other Files ..................................................................................................................................................................... 131
45
iv
Using ARFileSign for Adobe Files ................................................................................................................................ 131
Using ARFileSign for Word 2003 Files ....................................................................................................................... 131
Using ARFileSign for Word/Excel 2007/2010/2013 Files .................................................................................... 131
Using ARFileSign for InfoPath 2007/2010/2013 Files .......................................................................................... 131
Executing arfilesign.exe ............................................................................................................................................................ 132
The arfilesign.exe Options ............................................................................................................................................... 132
Chapter 10: Signing WordPerfect Documents ............................................................................................ 135
Signing a WordPerfect Document ....................................................................................................................................... 135
Modifying a Signed WordPerfect Document .................................................................................................................. 137
Validating Signatures in WordPerfect Documents ........................................................................................................ 137
Viewing Details about Invalid Signatures ................................................................................................................. 138
Validating CoSign Signatures without CoSign........................................................................................................ 138
Chapter 11: Signing Outlook Emails ............................................................................................................. 139
Signing Outlook Emails ............................................................................................................................................................ 139
Configuring Outlook ......................................................................................................................................................... 139
Installing the Root Certificate ........................................................................................................................................ 141
Sending Signed Email Messages .................................................................................................................................. 141
Receiving Signed Email Messages ............................................................................................................................... 141
Signing PDF Attachments ............................................................................................................................................... 142
Signing Outlook Express Emails ............................................................................................................................................ 143
Configuring Outlook Express ......................................................................................................................................... 143
Sending Signed Email Messages .................................................................................................................................. 144
Receiving Signed Email Messages ............................................................................................................................... 145
Installing the Root Certificate ........................................................................................................................................ 145
Chapter 12: CoSign Configuration Utility .................................................................................................... 146
Overview ........................................................................................................................................................................................ 146
Using the CoSign Configuration Utility .............................................................................................................................. 147
CoSign Configuration Utility Menus ........................................................................................................................... 149
Running the CoSign Configuration Utility in End User Mode ................................................................................... 150
Viewing and Editing CoSign Client Settings ............................................................................................................ 151
Applying the Changes to the Local Windows Registry ....................................................................................... 151
Reloading the Windows Registry Configuration .................................................................................................... 151
Exporting the Configuration to a Configuration File ............................................................................................ 151
Importing Settings from a Configuration File ......................................................................................................... 152
Setting Client Configuration – CoSign Client .................................................................................................................. 152
Client - Appliances ............................................................................................................................................................. 152
Client – Login Dialog......................................................................................................................................................... 155
Client – Timeouts ................................................................................................................................................................ 157
Client – Miscellaneous ...................................................................................................................................................... 158
Setting Signature API Configuration ................................................................................................................................... 159
Signature API – Time Stamp .......................................................................................................................................... 160
Signature API – Certificate Revocation ...................................................................................................................... 161
Signature API – Graphical Signatures ......................................................................................................................... 163
Signature API – External Validation ............................................................................................................................. 165
C# PDF Library SDK to view, edit, convert, process PDF file for C# PDF SDK for .NET allows you to read, add, edit, update, and delete PDF file metadata, like Title, Subject, Author, Creator, Producer, Keywords, etc.
batch pdf metadata; read pdf metadata online
23
Table of Contents
v
Signature API – Reasons .................................................................................................................................................. 166
Signature API – Miscellaneous ...................................................................................................................................... 167
Setting Microsoft Office Configuration .............................................................................................................................. 169
Microsoft Office – Appearance ..................................................................................................................................... 169
Microsoft Office – Settings ............................................................................................................................................. 171
Microsoft Office – Excel Specific ................................................................................................................................... 173
Microsoft Office – Word Specific.................................................................................................................................. 175
Microsoft Office – Miscellaneous ................................................................................................................................. 176
Setting OmniSign Configuration........................................................................................................................................... 178
OmniSign – Profiles ........................................................................................................................................................... 178
OmniSign – Miscellaneous .............................................................................................................................................. 183
Chapter 13: Troubleshooting .......................................................................................................................... 185
General Problems ........................................................................................................................................................................ 185
ARX Add-Ins Present a Failed to Select Certificate Message ............................................................................ 185
Cannot See Any Certificates in Store .......................................................................................................................... 186
Cannot Enable the “Add Digital Signature to Outgoing Messages” Checkbox in Outlook .................. 186
Problems Related to ARX Legacy Word/Excel Add-In.................................................................................................. 186
Cannot Create a Digital Signature Field Using the ARX Legacy Add-in ........................................................ 186
Problems Related to OmniSign ............................................................................................................................................. 187
Cannot Create a Digital Signature Field Using OmniSign .................................................................................. 187
Index ................................................................................................................................................................... 189
39
1
Chapter 1: Overview
Over the last four decades, the biggest challenge of IT departments in many organizations was moving to a
paperless work environment. Seemingly, there was tremendous success in this regard. Today, most
transactions in the business world are performed electronically:
Documents are written using word processing programs.
Messages are sent via email.
Inventories and purchases are tracked using Enterprise Resource Planning (ERP) systems.
Medical information is stored in Electronic Medical Record (EMR) systems.
Although these transactions are performed in a paperless environment, organizations have still not managed
to find an easy way to get rid of the paper used for data authentication (signing the authenticity of the data).
Today, although organizations have invested large amounts of funds and other resources in creating
paperless environments, their workers are still printing every transaction, signing it, and saving the printed
copy. These organizations require a digital method for data authentication.
By moving to a viable electronic data authentication system, organizations can reduce their printing,
archiving, shipping, and handling costs. In addition, better and more competitive customer service can often
be provided.
Requirements for Data Authentication Systems
A viable data authentication system must meet the following specifications:
Security – The system must ensure that no one other than the data creator can tamper with or change
the data in any way.
Third-party validation – The system must enable any third party to validate the authenticity of the
data. If a dispute arises between the parties (the data creator and recipient), any third party must be
able to validate the data authenticity in order to settle the dispute.
System independence – Data authentication must be independent of the system that created the data.
Users must be able to validate the authenticity of the data using a known standard that is
independent of any specific system.
Validation over time – Users must be able to validate data authenticity at any point in time.
Authenticity cannot expire at any point.
Currently, the only data authentication method known to support all of these requirements is the Public Key
Infrastructure (PKI) method of authenticating data, simply called “digital signatures”.
32
1
CoSign User Guide
2
Introduction to CoSign
CoSign is a PKI-based, off-the-shelf digital-signature solution that can be integrated with a wide range of
applications. In this way, CoSign enables organizations to embed digital signatures in various documents,
forms, and transactions. CoSign is a turnkey, hardware-based solution that is easily and quickly deployed in
the network and provides cost-effective digital-signature capabilities for the organization.
CoSign includes all the components needed for PKI-based digital-signature deployment. You do not need to
install any other device or integrate any other component for the system to work.
Environments Supported by CoSign
CoSign integrates with leading user management systems, including Microsoft Active Directory and a variety
of LDAP (Lightweight Directory Access Protocol) based directories, such as IBM Tivoli. This integration
ensures no overhead in managing the digital-signature system and signature credentials (i.e., the private
keys that are needed in a PKI environment), solving one of the main problems of legacy digital-signature
systems. System managers, network managers, and end-users can continue to use the IT infrastructure in the
same manner as before CoSign was installed.
CoSign stores the signature credentials in a secure server, ensuring that the signer has exclusive access to his
or her signature credentials, while still maintaining a centrally managed solution. This is necessary in order to
fulfill the security requirement of the data authentication system.
Another option is to use the CoSign Cloud service. An organization can register its users to the service and
thus enable them to digitally sign content without having to deploy the CoSign appliance on the
organizational premises.
CoSign Login Prompt
When CoSign is installed in Directory Independent mode, you are prompted with a user login window
whenever you access your account in the CoSign appliance.
Figure 1 Login Window
In the
User name
field you enter your identity as defined by your organization. Often, this is your
email address.
29
Overview
1
3
In the User’s password
field
you enter your password.
Note: Take care not to reveal your password, because it is also used in the digital signature authorization
process.
Note: Follow your organizational password policy rules, such as minimum password length. Remember to
to
change your password according to the organizational policy.
CoSign Extended Authentication
In some environments, such as when CoSign is installed in Common Criteria EAL4+ mode, users are required
to supply additional information as part of the digital signature to extend the security of the transaction.
There are several types of extended authentication; the most common are described below.
Simple Extended Authentication
In this mode, you must provide your password as part of every digital signature operation.
Figure 2 Password required for Digital Signature Operation
Extended Authentication based on One Time Password (OTP)
In this mode, whenever you wish to sign a document or data, you must provide an OTP.
The OTP is displayed in an OTP device provided to you by the organization.
Some OTP devices are event-based OTP devices. They include a button that must be
pressed whenever you need to provide an OTP.
Note: Make sure to always carry your OTP device with you and keep it safe from unauthorized usage.
Note: If you are using an event-based OTP device, make sure not to press the button without entering the
the
OTP code in the login window. Otherwise you may lose synchronization between the OTP device and the
organizational OTP validation processing.
46
1
CoSign User Guide
4
Extended Authentication based on Password and OTP (One Time Password)
This mode is used when CoSign is installed in Common Criteria EAL4+ mode.
In this case, you must enter both a password and an OTP in order to authorize a digital signature. Please
follow the guidelines listed above for keeping both your OTP device and your password secure.
Using CoSign in an ADFS environment
It is possible to access a CoSign appliance that is deployed in another organization based on trust between
the local organization and the remote hosting organization.
Access is enabled as follows: the end user is supplied with a SAML ticket provided by the local organization.
This SAML ticket is presented to the remote organization and used to authenticate the local user.
This mechanism is based on an ADFS (Active Directory Federation Services) deployment in the local
organization. For more information, refer to http://msdn.microsoft.com/en-us/library/bb897402.aspx.
To enable this mechanism:
If the PC of the CoSign client in the local organization is running Windows 7, install the package
from http://www.microsoft.com/en-us/download/details.aspx?id=17331 on the PC of the CoSign
client in the local organization.
If the PC of the CoSign client in the local organization is running Windows 8, you need only to
select the
Windows Identity Foundation
option in the Control Panel’s
Turn Windows
features on or off
section.
To enable end users to use ADFS, perform some minor configuration in the CoSign Configuration
utility (refer to Client - Appliances).
Using CoSign in Common Criteria Mode
The CoSign appliance can be installed in a Common Criteria EAL4+ mode of operation. CoSign Common
Criteria deployments must be installed in a Directory Independent environment. In this mode of operation,
the following additional procedures and activities are required from the end user:
Any digital signature operation must be authorized by presenting the user’s password and an OTP
displayed by the user’s OTP device.
All first-time users must activate their account before they can perform any operation in the account,
such as generating a signature key or signing. For more information, refer to User Activation below.
User Activation
In a Common Criteria EAL4+ mode, the first time you wish to use your CoSign account you must first
perform an activation operation. This operation must be performed only once.
During activation you must supply the given activation password (existing password), the new desired
password, and the OTP as it appears in your personal OTP device.
Documents you may be interested
Documents you may be interested