FormSeal FAQ

What components does FormSeal consist of?

FormSeal consists of a Server component and a Client component.

What are the requirements for a user to digitally sign/verify using FormSeal?

Users require:

The FormSeal Client component (which enables them to digitally sign).
  • On Windows clients, this component downloads automatically. Windows clients need Internet Explorer 5.0 or higher.
  • On Unix clients, a script file is downloaded, and the user must run it to install the client components. Unix clients also need the Java Runtime Engine (JRE).

FormSeal supports any X.509 digital certificate for users to sign data; users therefore need to have at least one digital certificate present on their machine.

What digital certificates does FormSeal support?

FormSeal supports any X.509 certificate stored in the Microsoft Security Framework and/or the Netscape Security Framework.

How long does it take to download the FormSeal signing component and how large is it?

For Windows clients, the download component is around 690 KB.

For Unix clients, the script file size is 1 KB. When this script file is executed, around 215 KB of data will get downloaded on the client machine.

Once the necessary components are downloaded, how long does the actual signing take?

The signing process may take up to a couple of minutes. As part of this process, all the certificates present on your computer are enumerated for you to select from, so the number of certificates present also affects how long it takes.

What is the mechanism for signing / verification? Is an industry standard toolkit used?

FormSeal uses Java and its native functions for signing and verification; it is not dependent on any other third party toolkit.

What algorithms are supported for digital signatures?

Currently, the RSA-SHA1 algorithm is used; support can be provided for any other algorithm such as MD5, Triple DES, etc.

Is the FormSeal solution PKCS#7 compliant?

Yes.

Does FormSeal support Hardware Tokens?

Yes, we currently support hardware tokens through the Microsoft Crypto API. Hardware tokens through Netscape require PKCS#11 driver support, which we do not currently support. Smart cards such as iKey, Gemplus and Datakey are supported. At present, we do not support PKCS#11.

Does FormSeal support .p12 and .pfx certificate files?

FormSeal can be customized to support .p12 certificate files.

Where does signature verification occur?

Signing is done on the client side, and signature verification occurs on the server side.

What is the FormSeal Server Component? Which Technologies are used? What are the Server side requirements?

FormSeal has been developed using Java technology to address the key issue of platform independence and cross-compatibility. The Server component will run on any platform that supports JVM 1.3.1.

Which Web Server does the FormSeal Server component work with?

The server side component works with any Web server that supports Java.

How do I enable existing forms in my application for digital signatures using the FormSeal tool?

  • The first step is to identify the page in your application that calls the form page.
  • You then need to call a FormSeal JSP page, providing the form page URL as one of the parameters.
  • When a user clicks on a link to the form in your application, it will first call the FormSeal JSP page, which will enable the form in your application for digital signatures.
  • The JSP page also adds applets and scripts to your form page.

What does "enabling a form for digital signatures" mean?

Enabling a form for digital signatures refers to converting ordinary form pages into form pages that are capable of being digitally signed. This is done through the addition of scripts and applets. These invoke the FormSeal client component for digital signing by users.

In a typical form, when users fill in information and click the submit button, the data is sent to the server for processing. Using FormSeal, users are prompted to digitally sign any information they submit through forms (that have been enabled for signatures). On clicking the Submit button, a list of all the digital certificates present on the computer is presented to the user for selection and to sign the data.

How do I enable my backend for verification of signed information? How does the FormSeal Server component integrate with my backend application?

For verification, all that needs to be done is the addition of FormSeal code to the backend page of the form. On receiving data, FormSeal's code will first perform the verification before passing on the information to your original backend for processing.

What checks are performed by FormSeal's verification process?

Verification checks are performed to ensure that:
  • The data is untampered and in original, intended form
  • A Trusted Certificate Authority (CA) has digitally signed the Certificate used to sign
  • The Certificate is within the established validity period
  • The certificate has not been revoked

How is Certificate Trust determined?

Certificate trust is based on the trusted store in either IE security framework or Netscape security framework on the server side. If the root certificate of a CA is present in either of these stores on the server side then a chain of trust can be established. Trust will also depend on how the server is configured. If a particular security framework is not selected, then the root certificates in that store will not be used to determine the chain of trust of the signer certificate.

How is Certificate Revocation determined?

FormSeal uses the CRL (Certificate Revocation List) mechanism to determine the certificate revocation status. For revocation, the CRL issued by the CA should be present on the server. FormSeal provides a method of adding CRLs to be checked during verification.

In FormSeal's receipt, what determines the overall transaction result?

The overall transaction result depends on the data integrity, certificate trust and validity. If validation is enabled on the server, then the transaction result will also depend on the certificate validation status, i.e. whether it is revoked or not.

Can the dependency of the overall transaction result be customized?

Yes, this is possible. For instance, if you wish to show graphically that a certificate is untrusted but ignore that in the overall result, it can be done. In this case, a cross will denote the individual result for trust, but it will not affect the overall result, which will still be successful.
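The receipt logic described in the last few answers, as an added example in Go (not E-Lock's code and not FormSeal's Java API): it shows that once trust is excluded from the overall result, data signed with a self-signed certificate yields a successful receipt. The names Receipt, Verify, SignedSample and ignoreTrust are hypothetical, the form data and certificate are constructed, and revocation is modelled as a list of serial numbers assumed to have been read from the CA's CRL.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Receipt holds one result per check listed in the FAQ, plus the overall result.
type Receipt struct{ Integrity, Trusted, Valid, NotRevoked, Overall bool }
// Verify runs the four checks; ignoreTrust models the "show a cross, still succeed" option.
func Verify(data, sig []byte, c *x509.Certificate, roots *x509.CertPool,
	revoked []*big.Int, now time.Time, ignoreTrust bool) Receipt {
	h := sha1.Sum(data) // RSA-SHA1, the algorithm the FAQ names
	pub, isRSA := c.PublicKey.(*rsa.PublicKey)
	r := Receipt{NotRevoked: true, Valid: !now.Before(c.NotBefore) && !now.After(c.NotAfter)}
	r.Integrity = isRSA && rsa.VerifyPKCS1v15(pub, crypto.SHA1, h[:], sig) == nil
	// Build the chain as of NotBefore so that expiry is reported separately.
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: c.NotBefore,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	r.Trusted = err == nil
	for _, s := range revoked { // serials assumed to come from the CA's CRL
		r.NotRevoked = r.NotRevoked && s.Cmp(c.SerialNumber) != 0
	}
	r.Overall = r.Integrity && r.Valid && r.NotRevoked && (r.Trusted || ignoreTrust)
	return r
}

// SignedSample returns constructed form data signed by a self-signed certificate.
func SignedSample() (data, sig []byte, c *x509.Certificate) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	t := &x509.Certificate{SerialNumber: big.NewInt(7), Subject: pkix.Name{CommonName: "constructed signer"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	c, _ = x509.ParseCertificate(der)
	data = []byte("amount=100&payee=alice")
	h := sha1.Sum(data)
	sig, _ = rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA1, h[:])
	return data, sig, c
}

func main() {
	data, sig, c := SignedSample()
	fmt.Printf("%+v\n", Verify(data, sig, c, x509.NewCertPool(), nil, time.Now(), true))
}
```

With trust ignored, the integrity check only proves that the data matches whichever key signed it, so the backend should not treat the signer's identity as established in that configuration.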
