Digital Signatures for SharePoint Data

By Larry Kluger posted 02-13-2014 04:44



Much of the time, “electronic signature” and “digital signature” refer to signing a document by using the computer instead of a pen.

But digital signatures can also be used to sign data.

Intermission: Larry Kluger Live

For more on digital signatures and SharePoint, or if you just want to hear me live, please join us for an AIIM Webinar on March 12th, “SharePoint Workflows + Digital Signatures: No more paper, Fast ROI.” More information and free registration.

We’re back: Why sign data?

Document formats such as PDF or Word are “end” formats—once the document is written, it is difficult and unreliable for computer software to retrieve information from the document. But you often want to use the document’s information for further analysis, reports in different formats, summaries, or as input to another business process.

So how can a person sign a document’s information to certify or approve it, guarantee that the information will not be altered and still enable further processing as described above? The answer is to sign the information—the data—not the document.

How to sign data

Two techniques are commonly used to sign data. In both cases, the digital signature guarantees that the signed data has not been changed and provides assurance of who signed it. The signatures can be independently verified and audited, since digital signatures are open, standard technology.

Signing XML data

Digital signatures can be added to XML data structures using standard techniques. The W3C XML Signature and XAdES standards are used. Digital signature systems from my company and others support these standards for both signing XML data and verifying a signed XML data file.

Using these standards to sign XML data produces a single file that includes both the data and the digital signature or signatures.

Since the signed XML data file is still an XML file, its data can easily be read by software applications and used for further processing, reporting, etc. XML is a machine-readable format, not an end format. Signed XML data is still data, ready for further use.

But it is not always convenient to store data in an XML format. To sign data without using XML, we use Detached Signatures.

Signing any data using detached signatures

Any “bundle of bits” can be signed, with the resulting digital signature stored in a separate (“detached”) file. The .p7b file type is the recommended standard for detached signatures.

These signatures can also be independently verified by supplying both the data file and the p7b signature file to the verification software.

Signing SharePoint data

Look for a SharePoint “connector” or “adapter” from your digital signature supplier. In addition to signing PDF, Word and other files, it should enable SharePoint List items to be signed. It should also enable list signatures to cover only certain fields for each item in the list.

For example, a SharePoint List is used to record results of a quality assurance test. Each item in the list is for a different production piece that was tested. Each list item includes multiple fields and the list item is digitally signed by the person who conducted the test.

The digital signature will be configured to cover all of the list’s fields except for a comment field. This enables a list item’s data to be signed, but comments can still be added or modified without invalidating the list item’s signature.

Since the signed data is stored in a SharePoint list, it is easy for a workflow to retrieve the data and use it for further business processes, including reports, additional analysis, etc.
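The following Go program is an added illustration of the two ideas above: a detached signature over an arbitrary “bundle of bits” (the signature lives in a separate structure, and verification needs both the data and the signature), and a list-item signature that covers only selected fields so a comment column can change without invalidating it. It is not code from this article or from any vendor's SharePoint connector. It assumes RSA-PSS over SHA-256 from Go's standard library, a constructed JSON canonical form in place of the CMS/PKCS#7 or XML-DSig encodings the article names, and a hypothetical QA list with the columns PieceID, Result, Tester and Comment.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"sort"
)

// DetachedSignature is stored beside the list item, not inside it.
// It records which fields it covers plus the raw RSA-PSS signature bytes.
// (Constructed envelope for this example; a real deployment would store a
// CMS/PKCS#7 or XML-DSig structure instead.)
type DetachedSignature struct {
	CoveredFields []string `json:"coveredFields"`
	Signature     []byte   `json:"signature"`
}

// signBytes signs any bundle of bits: SHA-256 the data, then RSA-PSS.
func signBytes(key *rsa.PrivateKey, data []byte) ([]byte, error) {
	digest := sha256.Sum256(data)
	return rsa.SignPSS(rand.Reader, key, crypto.SHA256, digest[:], nil)
}

// verifyBytes checks a detached signature against the data it claims to cover.
func verifyBytes(pub *rsa.PublicKey, data, sig []byte) bool {
	digest := sha256.Sum256(data)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// canonicalPayload builds the exact bytes that get signed for a list item:
// the sorted list of covered field names and their current values, JSON-encoded.
// Binding the field list into the payload means a signature cannot later be
// presented as covering a different set of fields. Fields not in `covered`
// (e.g. Comment) are left out entirely, so editing them does not affect it.
func canonicalPayload(item map[string]string, covered []string) ([]byte, error) {
	fields := append([]string(nil), covered...)
	sort.Strings(fields)
	values := make(map[string]string, len(fields))
	for _, f := range fields {
		v, ok := item[f]
		if !ok {
			return nil, fmt.Errorf("covered field %q missing from item", f)
		}
		values[f] = v
	}
	// json.Marshal emits map keys in sorted order, so signer and verifier
	// always produce identical bytes for identical field values.
	return json.Marshal(struct {
		Fields []string          `json:"fields"`
		Values map[string]string `json:"values"`
	}{fields, values})
}

// SignListItem produces a detached signature covering only the named fields.
func SignListItem(key *rsa.PrivateKey, item map[string]string, covered []string) (*DetachedSignature, error) {
	payload, err := canonicalPayload(item, covered)
	if err != nil {
		return nil, err
	}
	sig, err := signBytes(key, payload)
	if err != nil {
		return nil, err
	}
	return &DetachedSignature{CoveredFields: covered, Signature: sig}, nil
}

// VerifyListItem recomputes the canonical payload from the item's *current*
// values and checks it against the stored detached signature.
func VerifyListItem(pub *rsa.PublicKey, item map[string]string, ds *DetachedSignature) bool {
	payload, err := canonicalPayload(item, ds.CoveredFields)
	if err != nil {
		return false
	}
	return verifyBytes(pub, payload, ds.Signature)
}

func main() {
	// Hypothetical tester's key; in practice this comes from the signer's certificate.
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	// Constructed QA list item: one tested production piece.
	item := map[string]string{"PieceID": "QA-1042", "Result": "PASS", "Tester": "tester01", "Comment": ""}
	covered := []string{"PieceID", "Result", "Tester"} // everything except Comment
	ds, err := SignListItem(key, item, covered)
	if err != nil {
		panic(err)
	}
	fmt.Println("as signed:       ", VerifyListItem(&key.PublicKey, item, ds))
	item["Comment"] = "Re-checked after shift change"
	fmt.Println("comment edited:  ", VerifyListItem(&key.PublicKey, item, ds))
	item["Result"] = "FAIL"
	fmt.Println("result tampered: ", VerifyListItem(&key.PublicKey, item, ds))
}
```

The verifier is given the item as it is stored today plus the detached signature; it never trusts the stored values themselves. Changing Comment leaves verification true, changing Result (or stripping a field name from CoveredFields) makes it false, and a signature made with someone else's key fails outright, which is the "who signed it" assurance the article describes.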

Publishing signed SharePoint data

Okay, you now have important data signed and stored in SharePoint. How should it be published for review and action? We’ll cover these topics and more in future columns. Let me know what you think, please comment below.

Image credit: NASA Earth Observatory

#electronicsignatures #digitalsignature #digitalsignatures #xml #SharePoint #sharepoint