Using Microsoft CryptoAPI signaturesAdded by IBM on October 10, 2012 | Version 1 (Original)
|The CryptoAPI engine uses certificates located in the Microsoft™ certificate store to encrypt signature buttons for security purposes.
To create a signature button that uses the CryptoAPI engine, set the following parameters in the signformat option:
CryptoAPI also uses optional parameters to set specific CSP behavior. You should only set these parameters if you need to use a specific CSP. In all other cases, you should accept the default values. The parameters are:
- MIME type — The MIME type that is used to store the signature information. You should always use application/vnd.xfdl.
- engine — The name of the signing engine to use. In this case, CryptoAPI.
- delete — Optional. This flag sets whether the user can delete the signature. By default, users can delete all signatures. If you want to prevent a signature from being deleted, set this to off.
For example, the generic XFDL code for a button using the CryptoAPI engine looks like this:
- csp — The cryptographic service provider used to create the signature. This should only be set if you need to use a specific CSP. Otherwise, the signature will default to the Microsoft Base Cryptographic Service Provider.
- csptype — Identifies the type of CSP in use. This should only be set if you need to use a specific CSP. Otherwise, the signature will default to a full RSA implementation (rsa_full).
- If the form is opened in Webform Server, then signing a CryptoAPI signature requires the use of the Webform Server plugin/ActiveX control. The plugin/ActiveX control is automatically downloaded to the browser when it is needed.