This subject has been on and around our plates for some time. That said, it is on the road map now and we are seriously investigating and considering it for a future release.
So, as I do, I have looked up the "what", "how" and "when" of digital signatures...to allow all of us to better understand the basic principles of this *thing*.
"In essence, a digital signature is a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic or genuine. Authentic means that one knows who created the document and one knows that it has not been altered in any way since that person created it.
Digital signatures rely on certain types of encryption to ensure authentication. Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Authentication is the process of verifying that information is coming from a trusted source. These two processes work hand in hand for digital signatures.
- CRC (Cyclic Redundancy Check)
- Private key encryption
- Public key encryption
- Digital certificates
The Digital Signature Standard (DSS) is based on a type of public key encryption method that uses the Digital Signature Algorithm (DSA). The format for digital signatures that has been endorsed by the US government is DSS. The DSA algorithm consists of a private key that only the originator of the document (signer) knows and a public key."
Meanwhile, some customers have shown some real originality dealing with the issue. Take the City of Lisbon, Portugal, where Henrique Saias has faced the problem head on and currently implemented a work around.
For now, they rely on a signed declaration, which states that the DWF file is a digital version of the legally verified and signed paper version they are still to receive.
"A document management software is used in the process to ensure that digital documents cannot be changed.
The application receives the DWF files, manages its versions and enforces a strict access rules. The application extracts vector data when the DWF files are uploaded at first. As part of the process, users are only granted rights to upload data at this point. Following that, data is compressed and stored in a database. From here on, the DWF file enters the approval process and every time a users access a specific DWF file, vector data is compared with the previously stored in the database.
For added security, XML data is also stored for any markups that might be created as part of the review process and saved in the same database. Once all data has been saved, DWF files are deleted and not saved. Should the same DWF be accessed again going forward, users do have the option to display markups stored earlier in the process."
Note: This is a custom application, developed to handle this particular process.