To guarantee a high level of security, the HybridForms signature ink control can be extended by adding the name of the signer in the form templates. The signature input field programmatically provides a background (Guilloche) pattern, a time stamp and the form item GUID. Together these help to ensure a maximum of security.
The newest release offers the option to encrypt the obtained data and store it at an extraordinarily high level of security.
The HybridForms signature controls store additional information besides the actual image of the signature and create an additional file (using the GIF format) that stores the timeline and vector data of the signature.
Because these files contain sensitive data, you now have the option to encrypt those files using public-key cryptography.
For this, you need a certificate created with the standard OpenSSL tools.
On a Windows platform, for example, use WIN32-OpenSSL (a license is required for commercial use) or one of the alternate versions.
The HybridForms documentation describes the format and creation of the certificate in detail.
This new feature changes the handling of the signature storage:
- Without encryption
  The ISF file created when a signature control is used is no longer uploaded directly as a SharePoint attachment but is stored in a ZIP file container.
- With encryption
  Additional files are stored in the ZIP file container:
  - keyinfo.json: this file contains additional information on the cryptographic algorithms used, the key sizes, the certificate (issuer, serial, fingerprint) and the time the signature was made. It assists in the process of certificate management.
  - *_isf.gif.aes: this is the AES-encrypted ISF file.
  - *_isf.gif.aes.key: this is the AES key used to encrypt the ISF file, itself encrypted with the public key from the certificate in the form definition. The AES key is created from the system's random source as part of the encryption process.
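The container layout listed above can be checked after upload. The following Python sketch is an added example, not HybridForms code: it audits a ZIP container that is expected to be encrypted. The function names, the sample file names, the assumption that entries sit at the root of the ZIP, and the assumption that no plaintext *_isf.gif should remain beside its ciphertext are all illustrative and not taken from the HybridForms documentation.

```python
import io
import json
import zipfile

ENC, KEY, PLAIN = "_isf.gif.aes", "_isf.gif.aes.key", "_isf.gif"


def build_container(entries):
    """Build an in-memory ZIP from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def audit_container(zip_bytes):
    """Return a list of findings for a container that should be encrypted."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        # Field names inside keyinfo.json are not given on the page, so only
        # presence and JSON well-formedness are checked (root path assumed).
        if "keyinfo.json" not in names:
            findings.append("missing keyinfo.json")
        else:
            try:
                json.loads(zf.read("keyinfo.json"))
            except ValueError:
                findings.append("keyinfo.json is not valid JSON")
        encrypted = sorted(n for n in names if n.endswith(ENC))
        if not encrypted:
            findings.append("no *_isf.gif.aes entry")
        for n in encrypted:
            # Each ciphertext needs its wrapped AES key, or it cannot be decrypted.
            if n + ".key" not in names:
                findings.append(n + ": no matching .aes.key")
        for n in sorted(n for n in names if n.endswith(KEY)):
            if n[: -len(".key")] not in names:
                findings.append(n + ": wrapped key without ciphertext")
        # Assumption: a plaintext ISF beside its ciphertext defeats the encryption.
        for n in sorted(n for n in names if n.endswith(PLAIN)):
            findings.append(n + ": unencrypted ISF data in container")
    return findings


# Constructed sample data, not taken from a real form.
SAMPLE_OK = build_container({"keyinfo.json": b"{}", "sig1_isf.gif.aes": b"\x00" * 32,
                             "sig1_isf.gif.aes.key": b"\x01" * 256})
SAMPLE_BAD = build_container({"sig1_isf.gif.aes": b"\x00" * 32, "sig1_isf.gif": b"GIF89a"})
```

An empty result means the container matches the encrypted layout. Any finding points to a signature whose vector data is either unrecoverable or stored unprotected.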