Wouter van Vugt

This blog is no longer maintained and has moved

Office Open XML digital signatures in the UI

In a previous post on digital signatures in Office Open XML I showed how to sign a package using an X509 certificate and have Microsoft Office Word accept the signature as valid by embedding a custom data object in the signature markup. The signing process is remarkably easy: pick the package parts and relationship parts that you wish to sign, filter the relationships by ID to sign only a subset, and you're ready to sign using one line of code. Besides signing a document, Microsoft Office Word has another facility that greatly helps the user of a signable document: the signature line.

Take the following report. It is a basic Word document containing all kinds of questions that require a truthful answer. To validate that this filled-in document hasn't changed, two digital signatures are added. You can see the place where the user can fill in those signatures at the bottom of the sample document.

It would of course be great if you could not only sign a document using an X509 certificate, but also have the name of the signing party displayed in the corresponding area in the document. It turns out that this is remarkably easy to do. You need to take the following steps:

Step 1: Creating a document template

Create a template document with a signature line object defined in it. You can add a signature line from inside Microsoft Office Word 2007 using the 'Text' group on the 'Insert' tab.


The signature line uses VML markup to define the way it looks. You do not need much difficult VML markup; the basic outline is enough.

<w:pict>
    <v:shape style="width:192pt;height:96pt">
        <v:imagedata r:id="rId7" />
        <o:signatureline v:ext="edit"
            id="{2C997BE6-E07E-4ED5-AA74-BF8D15D42F3B}"
            provid="{00000000-0000-0000-0000-000000000000}"
            o:suggestedsigner="Applicant signature"
            issignatureline="t" />
    </v:shape>
</w:pict>

There is one important value here. The id attribute on the signatureline element is used to attach the digital signature to the signature line. There is no further markup required in the main document body. The ID value is referenced from inside the signature's Office object. The relationship ID inside the imagedata element points to an image depicting how the signature looks in the UI. The provid attribute is used to attach a different signature provider in Microsoft Office Word. Using a signature provider you can provide custom signing mechanisms if required.

Step 2: Signing the document

The process of signing a document using the Packaging API has been described in an earlier blog post. To run down the steps: first you pick an X509 certificate using the .NET Framework. The second step is to build up the list of parts and relationships to sign, and finally you sign by performing a call to the PackageDigitalSignatureManager class of the .NET 3.0 Packaging API. I've described earlier how the signature requires an extra embedded object to allow Microsoft Office Word to validate it. This custom object needs to be expanded to tie the signature to the signature line.

<SignatureProperties xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignatureProperty Id="idOfficeV1Details"
        Target="idSignatureObject">
        <SignatureInfoV1 xmlns="http://schemas.microsoft.com/office/2006/digsig">
            <SetupID>{2C997BE6-E07E-4ED5-AA74-BF8D15D42F3B}</SetupID>
            <SignatureText>Wouter van Vugt</SignatureText>
            <ManifestHashAlgorithm>
                http://www.w3.org/2000/09/xmldsig#sha1
            </ManifestHashAlgorithm>
        </SignatureInfoV1>
    </SignatureProperty>
</SignatureProperties>

Previously, only the ManifestHashAlgorithm was required. To tie the signature to the signature line you apply two extra elements. The SetupID element points to the ID of the signature line. The SignatureText is displayed in the signature line as the name of the signing party.
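The link between SetupID and the signature line id can be checked mechanically. The following Python sketch is an added example, not code from the original post: it parses the Step 1 markup and the Step 2 object and reports which signature lines have a matching signature. The function names and the namespace declarations on the sample markup are assumptions, and the check covers only the markup link, not the cryptographic validity of the signature.

```python
import xml.etree.ElementTree as ET

O_NS = "urn:schemas-microsoft-com:office:office"  # VML Office extension namespace (o:)
DS_NS = "http://schemas.microsoft.com/office/2006/digsig"  # SignatureInfoV1 namespace

# Constructed sample: the Step 1 signature line, with namespace declarations added.
DOCUMENT_XML = """<w:pict xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"
 xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office"
 xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">
 <v:shape style="width:192pt;height:96pt"><v:imagedata r:id="rId7" />
  <o:signatureline v:ext="edit" id="{2C997BE6-E07E-4ED5-AA74-BF8D15D42F3B}"
   provid="{00000000-0000-0000-0000-000000000000}"
   o:suggestedsigner="Applicant signature" issignatureline="t" /></v:shape></w:pict>"""

# Constructed sample: the Step 2 object, parameterised on SetupID (%s) for testing.
SIGNATURE_XML = """<SignatureProperties xmlns="http://www.w3.org/2000/09/xmldsig#">
 <SignatureProperty Id="idOfficeV1Details" Target="idSignatureObject">
  <SignatureInfoV1 xmlns="http://schemas.microsoft.com/office/2006/digsig">
   <SetupID>%s</SetupID><SignatureText>Wouter van Vugt</SignatureText>
   <ManifestHashAlgorithm>
    http://www.w3.org/2000/09/xmldsig#sha1
   </ManifestHashAlgorithm></SignatureInfoV1></SignatureProperty></SignatureProperties>"""

def signature_lines(document_xml):
    """Return {signature line id: suggested signer} for every o:signatureline."""
    root = ET.fromstring(document_xml)
    return {el.get("id"): el.get("{%s}suggestedsigner" % O_NS)
            for el in root.iter("{%s}signatureline" % O_NS)}

def signature_infos(signature_xml):
    """Return one dict of whitespace-stripped child values per SignatureInfoV1."""
    return [{child.tag.split("}")[1]: (child.text or "").strip() for child in info}
            for info in ET.fromstring(signature_xml).iter("{%s}SignatureInfoV1" % DS_NS)]

def link_report(document_xml, signature_xmls):
    """Match each signature's SetupID to a signature line id (markup link only)."""
    lines = signature_lines(document_xml)
    report = {"linked": {}, "orphan_signatures": []}
    for xml in signature_xmls:
        for info in signature_infos(xml):
            if info.get("SetupID") in lines:
                report["linked"][info["SetupID"]] = info
            else:
                report["orphan_signatures"].append(info)
    report["unsigned_lines"] = sorted(set(lines) - set(report["linked"]))
    return report

if __name__ == "__main__":
    print(link_report(DOCUMENT_XML, [SIGNATURE_XML % "{2C997BE6-E07E-4ED5-AA74-BF8D15D42F3B}"]))
```

A signature whose SetupID matches no line lands in orphan_signatures, and a line with no matching signature lands in unsigned_lines; the linked entry also carries the SignatureText and ManifestHashAlgorithm so a reviewer can see what will be displayed and which hash is in use.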

That is all you need to start using signature lines in your document. In my opinion this greatly enhances the user experience when signing documents or working with signed documents.

Published Wednesday, June 13, 2007 8:56 AM by wouterv

Comments

 

Doug Mahugh said:

Professor Flavio Soares da Silva from the University of Sao Paulo has an interesting article on "Arguments
June 14, 2007 4:46 AM
 

martha Pickstock said:

Do I have to use HTML language to create a digital signature?
July 9, 2007 2:26 PM
 

wouterv said:

Hi Martha,

There is no HTML involved. Check out my earlier post on signatures:

http://blogs.infosupport.com/wouterv/archive/2007/02/24/Signing-Office-Open-XML-documents-using-the-Packaging-API.aspx

Wouter

July 9, 2007 3:28 PM