Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Signing or securing XML sent via https

Avatar

Level 2

Hi there,

I have designed a form which uses Javascript to submit XML via https to a server.  The https provides the appropriate transport level security, but is there a way to sign or encrypt the xml sent using Javascript?

Thanks!

0 Replies

Avatar

Level 10

Yes but you will need a signing certificate for each user. When you drop a button on the form and make it a submit button there is a sign submission radio button available. This controls what you want to sign in the submission.

Paul

Avatar

Level 2

Hi Paul,

Is there a way that I can sign the content for a single pdf?  I would just like to secure the submission of the XML using a single encryption method even though several different clients will use the pdf for submission purposes.

Also, I have placed a normal button on the form and written Javascript on the click method of the button which validates the form (according to the business logic which I need to perform) and then, upon successful validation, submit the form using this command:

event.target.submitForm({cURL

: URL, cSubmitAs:"XML"});

The submission works using Reader 8, but can I add a cert or some security mechanism into the submitForm method to help ensure the validity of the XML content?

Thx.

Roy

Avatar

Level 10

But the encryption is happening on the client side (where the PDF is loaded). The signing cert must be present there (not in the PDF).

Also the encryption of the transmission was added in version 8 (I Think). So that interface does not expose the signing parts. You coudl put a button (like I described) make it invisible (so the user cannot see it or click it) and then use Hidden Submit ButtonName.execEvent("click") to achieve the same result.

Paul

Avatar

Level 2

So the cert info is not stored in the pdf if I add the http submission button and select the cert?  (ie. when the client downloads the pdf to complete, they will have to acquire the cert too?)

I have tried the following:

if (validationsPass == true) HTTPSubmitButton1.execEvent("click");

but get the following error:

"This operation violates your permissions configuration".

Is there perhaps a Javascript interface which submits as well as adds the signing?

Roy

Avatar

Level 10

Can you make the button visible and hit it and see what the result is?

Paul

Avatar

Level 2

Hi Paul,

I am trying to submit the XML content when the user hits the submit button.  Will the new hidden button that I put on the page submit the XML content?  Will it sign the content being sent?

Thanks!

Avatar

Level 10

Yes if you set it up correctly. On your submit button on the submit tab of the Object Palette, Choose xml data (XML) in the subnit as dropdown, then just below that click the sign submission checkbox. Then right beside that click the Settings button and choose Sign  Data Only.

screen1.jpg

Avatar

Level 2

Hi there,

I don't seem to have that option available to me (as per attachment).

Roy

screenshot1.bmp

Avatar

Level 10

I used a normal button and choose the submit type. This gives you all of the options listed. You choose a predefined HTTP submit button object which has options chosed for you.

Use my technique and you will have all of those options.

Paul

Avatar

Level 2

Hi Paul,

Thanks. I, for some reason, still get "This operation violates your permissions configuration" as an error message.

Roy

Avatar

Level 10

Are there other features being used on the form that could be causing that problem? If you create a new form (one field) and try the same thing do you get the same message? What is the target version in the Form Properties/Deafault set to?

Paul

Avatar

Level 2

Hi Paul,

It is still giving the same error.  The target version is 7.0.5 or later.  I changed this to 8 and I still get the same.

Roy

Avatar

Level 10

I just tried it on mine and was able to submit without issue. Used a target version of 8.0.1.

Paul