QUESTION 1: What components does FormSeal consist of?
ANS: FormSeal consists of a Server component and a Client component.

QUESTION 2: What are the requirements for a user to digitally sign/verify using FormSeal?
ANS: Users require:
- The FormSeal Client component (which enables them to digitally sign).
  - In the case of Windows clients, this component downloads automatically. (Windows clients need Internet Explorer 5.0 or higher.)
  - For Unix clients, a script file will get downloaded and the user will need to run this to install the client components. Unix clients also need the Java Runtime Engine (JRE).
- FormSeal supports any X.509 digital certificate for users to sign data; users therefore need to have at least one digital certificate present on their machine.

QUESTION 3: What digital certificates does FormSeal support?
ANS: FormSeal supports any X.509 certificate stored in the Microsoft Security Framework and/or the Netscape Security Framework.

QUESTION 4: How long does it take to download the FormSeal signing component and how large is it?
ANS: For Windows clients, the download component is around 690 KB. For Unix clients, the script file size is 1 KB. When this script file is executed, around 215 KB of data will get downloaded on the client machine.

QUESTION 5: Once the necessary components are downloaded, how long does the actual signing take?
ANS: The signing process may take up to a couple of minutes. As part of this process, all the certificates present on your computer are enumerated for you to select, so the number of certificates present will also determine how long it takes.

QUESTION 6: What is the mechanism for signing / verification? Is an industry standard toolkit used?
ANS: FormSeal uses Java and its native functions for signing and verification; it is not dependent on any other third party toolkit.

QUESTION 7: What algorithms are supported for digital signatures?
ANS: Currently, the RSA-SHA1 algorithm is used; support can be provided for any other algorithm such as MD5, Triple DES etc.

QUESTION 8: Is the FormSeal solution PKCS #7 compliant?
ANS: Yes.

QUESTION 9: Does FormSeal support Hardware Tokens?
ANS: Yes, we currently support Hardware Tokens through the Microsoft Crypto API. Hardware tokens through Netscape require PKCS #11 driver support, which we do not currently support. Smart Cards such as iKey, Gemplus and Datakey are supported. At present, we do not support PKCS #11.

QUESTION 10: Does FormSeal support .p12 and .pfx certificate files?
ANS: FormSeal can be customized to support .p12 certificate files.

QUESTION 11: Where does signature verification occur?
ANS: Signing is done on the client side and signature verification occurs on the server side.

QUESTION 12: What is the FormSeal Server Component? Which technologies are used? What are the server side requirements?
ANS: FormSeal has been developed using Java technology to address the key issue of platform independence and cross-compatibility. The Server component will run on any platform that supports JVM 1.3.1.

QUESTION 13: Which Web Server does the FormSeal Server component work with?
ANS: The server side component works with any Web server that supports Java.

QUESTION 14: How do I enable existing forms in my application for digital signatures using the FormSeal tool?
ANS:
- The first step is to identify the page in your application that calls the form page.
- You then need to call a FormSeal JSP page, providing the form page URL as one of the parameters.
- When a user clicks on a link to the form in your application, it will first call the FormSeal JSP page, which will enable the form in your application for digital signatures.
- The JSP page also adds applets and scripts to your form page.

QUESTION 15: What does "enabling a form for digital signatures" mean?
ANS: Enabling a form for digital signatures refers to converting ordinary form pages into form pages that are capable of being digitally signed. This is done through the addition of scripts and applets. These invoke the FormSeal client component for digital signing by users.

In a typical form, when users fill in information and click the submit button, the data is sent to the server for processing. Using FormSeal, users are prompted to digitally sign any information they submit through forms (that have been enabled for signatures). On clicking the Submit button, a list of all the digital certificates present on the computer is presented to the user for selection and to sign the data.

QUESTION 16: How do I enable my backend for verification of signed information? How does the FormSeal Server component integrate with my backend application?
ANS: For verification, all that needs to be done is the addition of FormSeal code to the backend page of the form. On receiving data, FormSeal's code will first perform the verification before passing on the information to your original backend for processing.

QUESTION 17: What checks are performed by FormSeal's verification process?
ANS: Verification checks are performed to ensure that:
- The data is untampered and in its original, intended form
- A Trusted Certificate Authority (CA) has digitally signed the Certificate used to sign
- The Certificate is within the established validity period
- The certificate has not been revoked

QUESTION 18: How is Certificate Trust determined?
ANS: Certificate trust is based on the trusted store in either IE security framework or Netscape security framework on the server side. If the root certificate of a CA is present in either of these stores on the server side then a chain of trust can be established. Trust will also depend on how the server is configured. If a particular security framework is not selected, then the root certificates in that store will not be used to determine the chain of trust of the signer certificate.

QUESTION 19: How is Certificate Revocation determined?
ANS: FormSeal uses the CRL (Certificate Revocation List) mechanism to determine the certificate revocation status. For revocation, the CRL issued by the CA should be present on the server. FormSeal provides a method of adding CRLs to be checked during verification.

QUESTION 20: In FormSeal's receipt, what determines the overall transaction result?
ANS: The overall transaction result depends on the data integrity, certificate trust and validity. If the validation is enabled on the server, then the transaction result will also depend on the certificate validation status, i.e. whether it is revoked or not.

QUESTION 21: Can the dependency of the overall transaction result be customized?
ANS: Yes, this is possible. For instance, if you wish to graphically depict that a certificate is untrusted but ignore it in the overall result, it can be done. In this case, a cross will denote the individual result for trust, but it will not affect the overall result, which will still be successful.
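
The four checks from Question 17, the CRL lookup from Question 19 and the overall-result rule from Questions 20 and 21, as an added Python example using the `cryptography` package; it is not FormSeal's code. The CA, certificate, CRL and form data are constructed, SHA-256 stands in for the page's RSA-SHA1, and `verify`, `ignore` and the other names are hypothetical.

```python
import datetime as dt
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

START, NOW, END = (dt.datetime(2024, 6, d) for d in (1, 2, 3))  # constructed clock and window
PAD, H, DATA = padding.PKCS1v15(), hashes.SHA256(), b"amount=100&payee=bob"  # constructed

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
def issue(cn, pub, ca_cn, ca_key, serial):
    b = x509.CertificateBuilder().subject_name(name(cn)).issuer_name(name(ca_cn)).public_key(pub)
    return b.serial_number(serial).not_valid_before(START).not_valid_after(END).sign(ca_key, H)

def rsa_ok(pub, sig, data, alg):
    try:
        pub.verify(sig, data, PAD, alg)
        return True
    except InvalidSignature:
        return False

def verify(data, sig, cert, roots, crls, check_revocation=True, ignore=()):
    """Return (per-check results, overall result) for one signed form submission."""
    issuers = [r for r in roots if r.subject == cert.issuer and rsa_ok(
        r.public_key(), cert.signature, cert.tbs_certificate_bytes, cert.signature_hash_algorithm)]
    res = {"integrity": rsa_ok(cert.public_key(), sig, data, H), "trust": bool(issuers),
           "validity": cert.not_valid_before <= NOW <= cert.not_valid_after}
    if check_revocation:  # Q20: optional; fails closed when no authentic issuer CRL is loaded
        good = [c for c in crls for r in issuers
                if c.issuer == r.subject and c.is_signature_valid(r.public_key())]
        res["revocation"] = bool(good) and all(
            c.get_revoked_certificate_by_serial_number(cert.serial_number) is None for c in good)
    return res, all(ok for check, ok in res.items() if check not in ignore)  # Q21: ignore set

def demo():
    ca_key, user_key = rsa.generate_private_key(65537, 2048), rsa.generate_private_key(65537, 2048)
    root = issue("Sample CA", ca_key.public_key(), "Sample CA", ca_key, 1)
    cert = issue("alice", user_key.public_key(), "Sample CA", ca_key, 2)
    crl = x509.CertificateRevocationListBuilder().issuer_name(root.subject)
    crl = crl.last_update(START).next_update(END)
    hit = x509.RevokedCertificateBuilder().serial_number(2).revocation_date(START).build()
    clean, listed = crl.sign(ca_key, H), crl.add_revoked_certificate(hit).sign(ca_key, H)
    sig = user_key.sign(DATA, PAD, H)
    return {"ok": verify(DATA, sig, cert, [root], [clean]),
            "tampered": verify(DATA + b"0", sig, cert, [root], [clean]),
            "revoked": verify(DATA, sig, cert, [root], [listed]),
            "revocation_off": verify(DATA, sig, cert, [root], [listed], check_revocation=False),
            "untrusted_ignored": verify(DATA, sig, cert, [], [], False, ignore=("trust",))}
```

`demo()` returns the per-check results and the overall result for each case. The last two cases show what the configuration choices in Questions 20 and 21 cost: a revoked certificate, or one with no trusted root on the server, still produces a successful overall result.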