How does InfoPath work with digital certificates?

  • Thread starter Pierre Pavlenyi

Pierre Pavlenyi

Hello Discussion,
I am doing research from my customer, on the use and securing of electronic
forms. I wanted to get some very specific information on InfoPath 2007 and
how it handles digital certificates. I would appreciate any information as a
reply to this message. Even if it is just references to Microsoft MSDN or KB
articles, or other sources.

Specifically, I would like to find the answers to the following questions:

For digital signatures and certificates:
1. What is used for a certificate store (e.g. is it just CAPI or are other
stores supported?)
2. How does the signature mechanism work? How are signatures applied
to single/multiple documents? (flow diagrams would be very helpful)
3. Does it support timestamping? Is it RFC:3161 compliant?
4. Who provides the crypto library? (e.g. Entrust, Microsoft, Adobe,
open source, other?)
5. Does it support Elliptic Curve Signatures?
6. What key strengths are supported?
7. What hash types are supported?
8. Does it honour keyUsage and extendedKeyUsage certificate
fields?
9. Does it honour the certificatePolicy field? How is this propagated
out to the individual users?
10. What format of signatures does it support? (PKCS7, XML-DigSig, etc.)
If XML-DigSig, what form (Embedded, Detached, etc.)?
11. Can it handle multiple signatures (a signature on a signed
document)? If so, are the signatures applied sequentially?
13. Can they handle multiple signatures (a signature on a signed
document)? If so, are the signatures applied sequentially?
14. At the time of signing of a / many documents, can the documents be
encrypted? Does this encryption use another certificate
(i.e. it uses one certificate for signing, and another for encryption)?

When validating digital signatures:
1. Does it handle RFC:3280 (see Section 6 in particular) Path
Discovery and Validation?
2. How does it handle trust anchors (as defined in RFC:3280)?
3. Which revocation mechanisms does it support? CRL? OCSP? SCVP?
4. If timestamping is supported, how does the verification process work?
How is this validation conveyed to the user?

Thank you!
 
