Digital Signatures for Document Management

This document explains at a high level what digital signatures are and how they can be applied in the document management functionality. Technical information can be found in IFS Applications Technical Documentation (see below).

Note: Digital signatures are currently only supported for PDF files. This means that if you want to sign a document whose original is a Word file, you also need to create a view copy in PDF format for signing.

Digital Signatures

Signatures in the digital era are based on strong cryptographic technology and make use of digital certificates. At a high level, a user is assigned a certificate. This certificate can then be used to securely sign a piece of digital information, like a document file (hereafter called document). Optionally, the certificates can themselves be certified by special certificate authorities for an extra level of trust.

The IFS Applications framework has capabilities to sign files with a certificate. The certificate is stored in a keystore. Read more about this in the technical documentation under IFS Foundation1 Overview / Security / Keystores & Digital Signatures.

How can digital signatures be applied in document management?

The most likely way to work with digital signatures for document management will be to apply the personal certificate assigned to a user to the file connected to a document revision. This can be done at any point in time, but it will be common to sign the document when a document is approved or released and when an approval step has been approved against the document revision, if that is available.

Events and event actions

A certificate is applied to a document file, that is, the document is signed, through an event action connected to a standard or custom event. Document management comes preinstalled with a few events that are fired at certain points. Event actions of the type Online SQL need to be configured for these events. In these event actions, PL/SQL code is written to call framework methods that do the actual signing of the documents.

Multiple Signatures

It is possible to add more than one signature to a file. This means that several people can sign the file with their certificates. Typically, each time someone approves an approval step, a signature can be added to the document. In the end, the file can also be certified (see below) and locked from further signatures.

Sign and Certify

Technically, you can only sign a file in one way, which is by applying a digital certificate to it. However, when you sign a file you can set certain flags to control the signature. One of these flags controls whether the file can be modified after it has been signed. Using this flag is called certifying the signature.
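
The following is an added example, not IFS code and not taken from the IFS documentation, showing how a reviewer could triage a signed PDF for the properties described under Multiple Signatures and Sign and Certify: how many signatures it carries, whether it is certified, and whether bytes were added after the newest signature. It assumes the certify flag is written as the standard PDF DocMDP transform, which this page does not confirm; the function names and sample bytes are constructed for illustration.

```python
import re

# /ByteRange [o1 l1 o2 l2] lists the two byte spans a PDF signature covers;
# the gap between them holds the signature value itself.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
# Certification signature: DocMDP transform with an inline /TransformParams dict.
DOCMDP = re.compile(rb"/TransformMethod\s*/DocMDP\s*/TransformParams\s*<<([^>]*)>>")
LEVELS = {1: "no changes allowed",
          2: "form fill-in and further signatures allowed",
          3: "form fill-in, signatures and annotations allowed"}

def inspect_signatures(pdf: bytes) -> dict:
    """Heuristic triage of raw PDF bytes; it does not verify any signature."""
    covered = []
    for m in BYTE_RANGE.finditer(pdf):
        o1, l1, o2, l2 = map(int, m.groups())
        if o1 != 0 or o1 + l1 > o2 or o2 + l2 > len(pdf):
            raise ValueError(f"implausible ByteRange {m.group(0)!r}")
        covered.append(o2 + l2)          # end offset of the bytes this signature covers
    covered.sort()
    level = None
    d = DOCMDP.search(pdf)
    if d:
        p = re.search(rb"/P\s+([123])\b", d.group(1))
        level = int(p.group(1)) if p else 2   # PDF default when /P is absent
    return {
        "signature_count": len(covered),
        "certified": level is not None,
        "permission": LEVELS.get(level),
        # Bytes after the newest signature's range were added after signing.
        "unsigned_tail": len(pdf) - covered[-1] if covered else len(pdf),
    }

def _revision(prev: bytes, body: bytes, total: int) -> bytes:
    """Constructed sample data: append a fake signature object and pad to `total` bytes."""
    return (prev + body).ljust(total, b" ")

# Constructed, not real PDFs: an approval signature, then a certifying one with /P 1.
REV1 = _revision(b"%PDF-1.7\n", b"1 0 obj<</Type/Sig/ByteRange [0 100 120 80]>>endobj\n", 200)
REV2 = _revision(REV1, b"2 0 obj<</Type/Sig/ByteRange [0 300 320 80]/Reference[<</Type/SigRef"
                       b"/TransformMethod/DocMDP/TransformParams<</P 1/V/1.2>>>>]>>endobj\n", 400)
APPENDED = REV2 + b"3 0 obj<</Type/Annot>>endobj\n"   # bytes added after certification

if __name__ == "__main__":
    for name, data in (("rev1", REV1), ("rev2", REV2), ("appended", APPENDED)):
        print(name, inspect_signatures(data))
```

A non-zero `unsigned_tail` on a file certified with "no changes allowed" is a reason to open the file in a validating PDF reader, which performs the cryptographic check this script does not.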

Visual representations of digital signatures, also known as signature appearances (optional)

If the digital signature needs to be printed on paper, it is possible to add a visual representation of it to the signature itself. This is known as a signature appearance and consists of several parts:

Standard events useful for applying a signature

The following events are useful when applying a certificate to a document:

For full flexibility, an event action to sign a document can also be connected to a custom event. This means that it is possible to sign a document at whatever point in time best suits your processes.

To learn how to create event actions connected to these events, consult the technical documentation by following this path: IFS Installation Guide / Additional Installation Options / IFS Applications Business Components / Document Management (DOCMAN) / Digital Signatures.