Using electronic signatures in Notes® applications

About this task

For extra security in Notes® applications, you can design forms that will attach electronic signatures to documents. Electronic signatures assure a reader that the writer's identity is genuine and that information has not changed since the writer mailed or saved the document.

Note: Signatures are valid only in Notes® applications; they are not supported on the Web.

How designers create a form

About this task

To design a form whose documents can be signed, you create at least one field to which you assign the property "Sign if mailed or saved in section." This feature is available only for forms that are mail-enabled and for forms that contain controlled-access sections.

You can enable signing of one or more fields on a form. If the field is in a controlled-access section, the signature applies only to the section and is generated when the document is saved. If the field is not in a controlled-access section, the signature is generated only when the document is mailed.

To generate multiple signatures on a form, create multiple signature-enabled fields in separate controlled-access sections.

How Designer stores and verifies electronic signatures

Procedure

Domino® Designer combines the data in a signature-enabled field with the private key from the sender's User ID to create a unique electronic signature. Designer stores the signature, along with the public key and the list of certificates from the sender's ID, in the document.

Storing signatures in documents

About this task

For mailed documents, Designer stores the signature with the document.

If a user with Editor access in the database ACL changes a field in a document, Notes® replaces the existing signature with the signature of the editor when the document is mailed. Notes® cannot save more than one mail-time signature for a document.

If the document contains several signature-enabled fields, Designer uses data from each signature-enabled field to generate a signature. After mailing, a change in any field causes verification to fail when the recipient opens the document.

Storing signatures in sections

About this task

Instead of signing an entire document, you can sign a section within a document and store an electronic signature with the section.

  • For documents with one sign-enabled, controlled-access section, Designer stores the signature with the section.

    If a user with Editor access in the database ACL changes a sign-enabled section, Designer replaces the existing signature with the editor's signature when the document is resaved.

    If there are several sign-enabled fields in the section, Designer uses data from each sign-enabled field in the section to generate a signature. After saving, a change to a field in the document causes verification to fail when a reader opens the document.

  • For documents with several sign-enabled, controlled-access sections, Designer stores signatures within each section, so it is possible to maintain multiple signatures for a document.

    If a user with Editor access changes one or more sign-enabled sections, Designer replaces all original section signatures with the newer signature when resaving the document. Designer preserves the existing signatures for sections for which the user has no access.

    If there are several sign-enabled fields within a section, data from all the sign-enabled fields in that section is used to generate a signature. A change in any field in the document after saving causes verification to fail when a reader opens the document.

Example of signature verification

Procedure

  1. Mary mails or saves a sign-enabled document. Notes® uses the private key from Mary's User ID and the sign-enabled field data to create a unique signature. Domino® Designer also stores Mary's public key and certificates with the document.
  2. David opens the signed document to read it.
  3. Notes® checks to see if the document was signed. If it was, Designer checks the signature against the data to see if it matches.
  4. Notes® checks the certificates that came from Mary's ID against David's ID to see if they share a common certifier or cross-certificate in the ID.
  5. One of the following occurs:
    • If the signature and data are verified, Notes® displays a message indicating who signed it.
    • If the data has been modified, Notes® displays a message indicating that the document has been changed or corrupted since Mary saved it. David should not assume that the content of the document is what Mary created.
    • If the signature can't be verified or David and Mary don't share a common certificate, Notes® displays a message that the signature can't be verified. David should not assume that Mary created the document.
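
The verification sequence above, modeled in Python as an added example; it is not part of the product documentation and is not how Notes® implements signing. It assumes a toy RSA key built from two Mersenne primes, SHA-256 over the sign-enabled field data, and certifier names (such as /Acme, constructed here) compared as plain strings in place of real certificate validation.

```python
import hashlib

# Toy RSA key (constructed for this example, NOT secure): two Mersenne primes.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, kept in the signer's ID

def digest(fields, sign_enabled, n):
    """Hash the data of every sign-enabled field in a fixed order."""
    h = hashlib.sha256()
    for name in sorted(sign_enabled):
        h.update(name.encode() + b"\0" + fields[name].encode() + b"\0")
    return int.from_bytes(h.digest(), "big") % n

def sign(fields, sign_enabled, signer, certifiers):
    """Step 1: store signature, public key and certificate list in the document."""
    return {
        "fields": dict(fields),
        "sign_enabled": list(sign_enabled),
        "signature": pow(digest(fields, sign_enabled, N), D, N),
        "public_key": (N, E),
        "signer": signer,
        "certifiers": list(certifiers),  # assumption: names stand in for certificates
    }

def verify(doc, reader_certifiers):
    """Steps 3 to 5: return the message the reader would be shown."""
    if "signature" not in doc:
        return "not signed"
    n, e = doc["public_key"]
    expected = digest(doc["fields"], doc["sign_enabled"], n)
    if pow(doc["signature"], e, n) != expected:
        return "changed or corrupted since signing"
    if not set(doc["certifiers"]) & set(reader_certifiers):
        return "signature cannot be verified"
    return "signed by " + doc["signer"]

if __name__ == "__main__":
    # Constructed sample document; Mary and David share the certifier /Acme.
    doc = sign({"Subject": "Q3", "Body": "Approve 100"},
               ["Subject", "Body"], "Mary", ["/Acme"])
    print(verify(doc, ["/Acme"]))    # David shares a certifier with Mary
    print(verify(doc, ["/Other"]))   # reader with no common certifier
    doc["fields"]["Body"] = "Approve 900"  # data changed after signing
    print(verify(doc, ["/Acme"]))
```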

Results

For more information on certification, see Domino® Administrator Help.