Introduction
The Digital Signature feature offers functionality for:
- creating and validating associated signature containers (ASiC) and
- creating and validating "folder signatures" that are based on XML advanced electronic signatures (XAdES).
To use any of the functions, click on the Digital Signature menu button in the DokuMate ribbon tab in either Excel (shown below) or Word. Next, click on the menu item related to the desired function, e.g., Create Associated Signature Container or Validate Folder Signature.
Once you have clicked on the desired menu item, DokuMate initializes the dialog in which you can enter or select the information required by the specific function. Because DokuMate remembers the last folders you chose, this initialization might include retrieving data from SharePoint Online (via Microsoft Graph REST API calls) and any authentication steps required for that.
Associated Signature Containers (ASiC)
With DokuMate, you can create and validate ASiC containers in both Word and Excel. Containers can be created from selected folders or files stored locally or on SharePoint Online. You can validate all or individual containers stored in a local or SharePoint Online folder.
Using ASiC containers, you can easily sign, share, and validate intermediate or final versions of sets of documents such as Requests for Proposal (RFPs), proposals, or contracts, which helps build an audit trail with authentic sets of documents along the way.
Creating Associated Signature Containers
To create an associated signature container, click on the Create Associated Signature Container menu item of the Digital Signature menu button. This brings up the following dialog (after the required initialization as described in the introduction), in which you can enter or select the required information.
- Signing Certificate. DokuMate provides the list of generally usable X.509 signing certificates contained in the current user's local certificate store. Select the one that you want to use for signing the contents of the container.
- Documents to be Signed. In this group, you select the contents of the container. In the first step, you select whether you want to retrieve documents from a local or SharePoint Online folder. In the second step, you provide the information required for the specified type of folder in the same way as for a DocumentTracker. On top of specifying a folder as for the DocumentTracker, you can then select to include (a) all documents in the selected folder and its subfolders or (b) an individual document from the list provided by DokuMate.
- Destination Folder. In this group, you select the folder in which the newly created ASiC container will be stored. As above, this can be a local or SharePoint Online folder. In the latter case, you can select a folder on the same or different SharePoint domain, site, or library, which makes it easy to collaborate across organizational boundaries.
- Additional Options. In this group, you select any additional options. At the moment, the only option is to create a new Outlook email with the newly created ASiC container attached to it. This is another feature that makes it easy to distribute ASiC containers as desired.
Click OK to have DokuMate create the ASiC container for you. DokuMate then automatically fetches all files to be included in the container, creates the container, stores the container in the selected destination folder, and creates an Outlook email if desired.
The ASiC file name consists of the name of the folder (e.g., "Test") or file you selected in the Documents to be Signed group, a timestamp (e.g., "2020-06-27T140525Z", which is based on ISO 8601 but with the colons removed from the UTC time component), and the ".asice" extension.
Validating Associated Signature Containers
To validate an associated signature container, click on the Validate Associated Signature Container menu item of the Digital Signature menu button. This brings up the following dialog (after the required initialization as described in the introduction), in which you can enter or select the required information.
In the example above, the ASiC container was stored in the local folder shown above. In the Containers drop-down list, you can either select (a) all containers in the selected folder and its subfolders or (b) an individual container as shown in this example.
Click OK to have DokuMate validate the ASiC container, or containers, for you. DokuMate then automatically fetches and validates the containers and provides a container validation report like the one shown below.
At the top, the report displays the file names and types (e.g., ASiC-E) of the validated containers. In the middle, for each validated signature, the report shows the signing date and time, the signer, the signature type (e.g., XAdES-BASELINE-T), the indication (e.g., TOTAL_PASSED), and, if the indication is not TOTAL_PASSED, a sub-indication providing more information on why the validation failed. At the bottom, the report lists the documents covered by the signature.
Folder Signatures
With DokuMate, you can create and validate "folder signatures" in both Word and Excel. A "folder signature" is an XML advanced electronic signature (XAdES) stored in the "META-INF" subfolder of the signed folder to associate that XAdES signature with the signed file objects stored in the folder or its subfolders.
Using folder signatures, you can detect whether and when files are added, removed, renamed, or changed. This can be helpful in collaborative negotiation scenarios, for example, where both parties have access to a shared folder containing contract documents that are to be changed only during joint negotiation sessions and not outside of such sessions. Creating a folder signature at the end of a session and validating that folder signature at the beginning of the next session can provide comfort that no changes were made in between.
Creating Folder Signatures
To create a folder signature, click on the Create Folder Signature menu item of the Digital Signature menu button. This brings up the following dialog (after the required initialization as described in the introduction), in which you can enter or select the required information.
The dialog is the same as for creating an associated signature container, except that it does not ask for a destination folder or offer additional options.
Validating Folder Signatures
To validate a folder signature, click on the Validate Folder Signature menu item of the Digital Signature menu button. This brings up the following dialog (after the required initialization as described in the introduction), in which you can enter or select the required information.
The dialog lets you select a local or SharePoint Online folder in the same way as described above. When you click OK, DokuMate downloads the folder contents, including the metadata contained in the META-INF subfolder that should exist in the folder to be validated, validates the XML advanced electronic signatures (XAdES) contained in the META-INF subfolder, and provides a folder validation report like the one below. In this example, the folder passes the validation.
The next sample folder validation report shows a situation where somebody changed a file (e.g., 01-E00_Schedule E (Pricing Framework).docx) after the folder was signed. This time, the indication is TOTAL_FAILED and the sub-indication is HASH_FAILURE, which means that the hash (or digest) value of a document does not match the signed hash (or digest) value. In the list of signed documents, you can see that Schedule E (Pricing Framework) was changed.
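The digest comparison behind a HASH_FAILURE, and behind detecting added, removed, renamed, or changed files as described under Folder Signatures, can be illustrated with the following added example, which is not DokuMate code. It assumes SHA-256 as the digest and covers only the comparison step, not the XAdES signature that protects the recorded digests; the function names and the sample folder are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Map relative path -> SHA-256 digest for each file under root (META-INF excluded)."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root)
        if path.is_file() and rel.parts[0] != "META-INF":
            digests[rel.as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests

def compare(signed, current):
    """Classify differences between the signed digests and the folder's current digests."""
    removed = {p for p in signed if p not in current}
    added = {p for p in current if p not in signed}
    # Same path, different digest: what the report calls HASH_FAILURE.
    changed = sorted(p for p in signed if p in current and signed[p] != current[p])
    # A removed path whose digest reappears under a new path is a rename.
    by_digest = {current[p]: p for p in sorted(added)}
    renamed = []
    for old in sorted(removed):
        new = by_digest.get(signed[old])
        if new in added:
            renamed.append((old, new))
            added.discard(new)
    removed -= {old for old, _ in renamed}
    return {"added": sorted(added), "removed": sorted(removed),
            "renamed": renamed, "changed": changed}

def demo():
    """Constructed sample folder: record digests, tamper with the folder, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "schedules").mkdir()
        (root / "contract.txt").write_text("terms v1")
        (root / "notes.txt").write_text("draft notes")
        (root / "schedules" / "pricing.txt").write_text("price 100")
        signed = snapshot(root)  # state at signing time
        (root / "schedules" / "pricing.txt").write_text("price 90")  # changed
        (root / "notes.txt").rename(root / "notes-final.txt")        # renamed
        (root / "extra.txt").write_text("added later")               # added
        (root / "contract.txt").unlink()                             # removed
        return compare(signed, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

The digests alone prove nothing if an editor of the folder can also rewrite them, which is why the folder signature signs them with the selected X.509 certificate.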