Hi, this is Gergely Kota, a developer on the InfoPath team. Digitally signing data when filling out a form makes the data tamper-proof, authenticates its signer, and is a key component of trusting form data. In this post, I’d like to share the improvements that have been made to digital signature support in InfoPath 2010. InfoPath 2010 allows you to make more secure signatures with improved cryptographic algorithms and makes long-term storage of signed forms more robust by supporting 3rd-party time stamping. This post describes these improvements and shows you how to strengthen any signature created in InfoPath 2010 Filler. For a primer on digital signatures, read an Introduction to Digital Signatures in InfoPath.
Note - Data signing should not be confused with code/template signing, which remains unchanged.
Digital signatures are only as secure as the cryptographic algorithms they use to ensure signed data hasn't been tampered with. InfoPath 2007 and 2003 support RSA or DSA for signing and SHA1 for hashing. Though a combination of RSA and SHA1 is considered secure for now, algorithms become exposed to attack over time and are eventually rendered obsolete. If either the signing or hashing algorithm is cracked or compromised, the integrity of the signature can no longer be verified. InfoPath 2010 enables you to address these concerns by supporting newer, more secure ECC signing and the SHA-2 family of hashing algorithms.
When creating a signature, a user may sign with one of potentially many certificates installed on their machine. The signature algorithm is determined by the chosen digital certificate. To determine the algorithm:
By default, InfoPath 2010 hashes signature data using SHA1. This is done to maintain backwards compatibility with InfoPath 2007 and InfoPath 2003. InfoPath 2010 also supports the SHA-2 family of hashing algorithms. If backwards compatibility is not a concern, an administrator can set the hashing algorithm in the registry.
The following table shows which versions of InfoPath are able to sign and/or verify signatures with the given combinations of signing and hashing algorithms:
Certificates guarantee the identity of the signer, but expire after a while. This is to reduce the time attackers have to deduce an associated private key (which would allow them to impersonate a signer) and to limit the shelf-life of a compromised certificate. Certificates may also be revoked if they are taken out of commission before their expiration date. If the certificate used to create a signature is now expired or revoked, we cannot be confident that the signed data is valid unless we can verify that the data was signed while the certificate was still valid. This poses an impending problem because all certificates expire (often in a year!), and we would require a trusted timestamp to confirm when the signature was created. Without such a trusted timestamp, InfoPath will show the signature as invalid, with the reason in the Signature Details dialog.
This can be especially problematic, for example, for a printed copy of the form, which would show an invalid signature with no way to verify why. InfoPath 2010 adds support for XML Advanced Electronic Signature (XAdES), which allows for adding a trusted timestamp that can be used to resolve when the signature was added relative to the signing certificate's expiration and/or revocation time (see a detailed discussion of XAdES in Microsoft Office for details and level options). If such a timestamp exists and confirms that the signature was made when the signing certificate was valid, InfoPath can safely conclude that the signature is entirely valid.
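The decision described in the two paragraphs above, written out as an added Python example (not InfoPath's code). It assumes the signature's cryptographic check and the timestamp token's own signature have already passed; the function name, parameters and dates are constructed for illustration.

```python
from datetime import datetime, timezone

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample certificate: valid for one year.
NOT_BEFORE, NOT_AFTER = utc(2010, 1, 1), utc(2011, 1, 1)

def signature_status(now, trusted_timestamp=None, revoked_at=None,
                     not_before=NOT_BEFORE, not_after=NOT_AFTER):
    """Return (valid, reason) for a signature that verifies cryptographically."""
    in_window = not_before <= now <= not_after
    not_revoked = revoked_at is None or now < revoked_at
    if in_window and not_revoked:
        return True, "certificate is valid now"
    # Certificate is expired or revoked: only a trusted timestamp can
    # prove that the signature already existed while it was still good.
    if trusted_timestamp is None:
        return False, "no trusted timestamp; signing time cannot be proven"
    if not (not_before <= trusted_timestamp <= not_after):
        return False, "timestamp falls outside the certificate validity period"
    if revoked_at is not None and trusted_timestamp >= revoked_at:
        return False, "timestamp is not earlier than the revocation time"
    return True, "timestamp proves signing while the certificate was valid"

if __name__ == "__main__":
    later = utc(2012, 1, 1)  # a year after the certificate expired
    print(signature_status(later))
    print(signature_status(later, trusted_timestamp=utc(2010, 6, 1)))
    print(signature_status(utc(2010, 9, 1), trusted_timestamp=utc(2010, 8, 15),
                           revoked_at=utc(2010, 8, 1)))
```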
InfoPath 2010 Forms Services signs forms using RSA and SHA1, and is able to verify any signature created in the InfoPath 2010 client. XAdES is a client-only feature.
By leveraging the security improvements and time-stamping support described in this post, you are increasing the strength and longevity of your signatures. Happy signing!
Gergely, InfoPath dev
Update: Due to a change in the Bing Maps REST Web Service, the steps outlined in this blog post no longer work. We are looking into the possibility of using a different API, and will update this post soon with details.
Hi, Phil Newman here from the InfoPath team. In this post, I’ll explain how to use the new REST Web service data connection in InfoPath 2010 to add a dynamic map to a contacts form. The form connects to two Web services. The first is a REST Web service that returns the coordinates of a given address from Bing Maps; the second returns an image of a map for a given coordinate set. When users enter address information in the form, the map will update to display the specified address.
The following steps assume that:
The next step is to create a rule to change the parameters in the REST Web Service URL based on the address values entered in the form. The Web service will then be queried using these parameters.
(NOTE – the button is being used as a temporary placeholder for creating the rules. In InfoPath 2010, you can copy and paste rules between controls. We’ve built in smarts so that when you copy a rule to a different control, field references are updated. In this case we do not want the references to be updated, so we will create the rules on the button and then copy and paste them onto the Address fields.)
concat("http://dev.virtualearth.net/Services/v1/GeocodeService/GeocodeService.asmx/Geocode?culture=en-us&count=10&query=", Address, ", ", City, ", ", State/Province, "&landmark=&addressLine=&locality=&postalTown=&adminDistrict=&district=&postalCode=&countryRegion=&mapBounds=&currentLocation=&curLocAccuracy=&entityTypes=&rankBy=&key=YourBingMapsKey")
To display the map of the current location in the picture control, append the latitude and longitude values returned by the Bing Maps REST Web Service to the URL for that image.
concat("http://api.tiles.virtualearth.net/api/GetMap.ashx?ppl=24,,", Latitude, ",", Longitude, "&key=YourBingMapsKey")
Now, open the form in the browser and fill it out. As soon as you have entered an address, the map of that location will appear in the form.
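The geocode URL above is built by pasting field values straight into the query string. This added Python example (not part of the original post) rebuilds a shortened form of that URL both ways to show what the service would receive when an address contains "#" or "&". The function names and sample address are constructed, and whether InfoPath escapes field values itself is not stated in the post.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

GEOCODE = ("http://dev.virtualearth.net/Services/v1/GeocodeService/"
           "GeocodeService.asmx/Geocode")

# Constructed sample form values: Address, City, State/Province, key.
SAMPLE = ("12 Main St #4", "Redmond", "WA", "YourBingMapsKey")

def raw_concat_url(address, city, state, key):
    """Mirror of the concat() formula (empty parameters omitted):
    field values are inserted without any escaping."""
    return (GEOCODE + "?culture=en-us&count=10&query="
            + address + ", " + city + ", " + state + "&key=" + key)

def encoded_url(address, city, state, key):
    """Same request with every value percent-encoded by urlencode()."""
    params = {"culture": "en-us", "count": "10",
              "query": ", ".join([address, city, state]), "key": key}
    return GEOCODE + "?" + urlencode(params)

def received_params(url):
    """Query parameters as the server parses them. Anything after '#'
    is a fragment, which a client never sends to the server."""
    query = urlsplit(url).query
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}

if __name__ == "__main__":
    print(received_params(raw_concat_url(*SAMPLE)))  # query cut short, key lost
    print(received_params(encoded_url(*SAMPLE)))     # full address, key intact
```

With unescaped values, "#" truncates the request before the key parameter and "&" splits the address into separate parameters; percent-encoding each value keeps the address as one `query` value.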
Please leave a comment if you have any questions or feedback about this feature!
Today sees the launch of “InfoPath Cool Forms”. In this series, we will feature cool forms that showcase a form design practice or interesting scenario.
This week’s cool form is the “Ask Kanesha” request form. This is a neat little form that we use on the InfoPath team to submit requests to our Group Business Administrator, Kanesha.
Kanesha was being flooded with requests from team members and tracking all these requests was becoming a challenge. To help manage the requests, we created an ‘Ask Kanesha’ InfoPath browser form that submitted all requests to a SharePoint list. Team members use this form to submit requests. A simple workflow fires alerting Kanesha to the new request. Certain requests such as those for small hardware can be completed in minutes. The dropdowns in the form automatically filter to guide us to the right hardware. Other custom requests may take longer and can be managed by Kanesha online. The form saves us time and helps Kanesha keep track of all the requests that come her way.
If you have a “cool” form that you would like to share with us, please send an e-mail with the following details to firstname.lastname@example.org -
The most popular submissions will be featured on our blog in future posts.
Check out other Cool Forms here.
Hi, My name is Nicholas Lovell and I’m a developer on the InfoPath team. In this video demo, I will walk through how to create a simple portal page for processing claims at an insurance company. This claims portal includes a SharePoint Web Part with a list of all the claims, an InfoPath Web Part that displays the claim details, and a custom Bing Maps Web part which displays the location of the currently selected claim.
Enjoy and please share your comments with us!
In this week’s “5 for Forms” video demo, Nick Dallett will show you how to create a loan calculator application without writing a line of code. This simple application leverages the power of the InfoPath and Excel Web Parts by using an InfoPath form to input the values that are sent to an Excel Workbook which contains the complex formulas that calculate the repayments.
If you want to learn more about the new InfoPath Form Web Part, check out Nick’s earlier video demo – Managing data in your SharePoint Lists using the InfoPath Form Web Part.
Enjoy and please let us know what you think!
The InfoPath Team
Do you want to learn about InfoPath and SharePoint 2010 in FREE Web casts with the InfoPath product team? Then sign up for the InfoPath 2010 Academy Live Series.
There are 3 remaining sessions in the series. The next session “Building SharePoint Applications with InfoPath 2010” will take place on Wednesday, March 10th from 8:30 AM to 10:00 AM (PST).
If you missed our 1st session, “An introduction to SharePoint applications using InfoPath 2010”, you can view it on demand here. Just click the “Register Now” button.
This is a great opportunity to learn all about our new features and scenarios directly from the product team, so sign up now!
If not, hurry up! There are only 10 days left to submit your entries.
For a taste of what we’re looking for, here’s one entry from Clayton Cobb of the Colorado SharePoint users group.
Think you can do better? Click here to see how to enter.
Please note that only legal residents of the US and Canada are eligible for prizes. However, we're eager to see videos from everyone, and we will showcase the best videos we receive, regardless of whether you are awarded a prize.
This week’s cool InfoPath form is a form used by one of the teams at Microsoft to track their status. It uses conditional formatting for color coding the status to make it easy to see progress at a glance. By recording team status on their SharePoint site, everyone knows how the team is doing and where they need to focus their energy. As new milestones are added to the project, they are added to the form.
Check out other Cool Forms here.