smartfolders management guide

[email protected]

elevenpaths.com

ElevenPaths, radical and disruptive innovation in security solutions

SealSign SmartFolder

Management guide

SealSign SmartFolder Management guide

V.1.0 – October 2016

2016 © Telefónica Digital España, S.L.U. All rights reserved. of 15

Table of content

1 SealSign SmartFolders Introduction ............................................................................. 3

2 SealSign SmartFolders Management ........................................................................... 4

2.1 Configuring the Connection to the SealSign DSS Service ......................................................... 4

2.2 Configuring Signature Profiles .................................................................................................. 5

2.3 Configuring the Folders to be Monitored and Association with the Chosen Profile .............. 10

2.4 Configuring the SealSign SmartFolders Agent as User Agent or Windows Service ................ 11

2.5 Configuring the Connection to the SealSign DSR Service (Optional) ...................................... 12

3 Resources .................................................................................................................. 14




1 SealSign SmartFolders Introduction

SealSign SmartFolder is a mass signature solution associated to the SealSign platform. SealSign SmartFolder chiefly consists of two main parts: an agent and a tool for administrating the configuration. The agent is responsible for monitoring selected folders. The mass signature is conducted from that monitoring. On the other hand, you can use the administration tool to manage different application settings, such as connection to SealSign parameters, folders to be monitored and signature profiles associated with each folder.

SealSign SmartFolder components overview:

The agent:

1. SealSignWatcherAgent.

2. SealSignWatcherService.

Configuration Tool:

1. SealSignWatcher.




2 SealSign SmartFolders Management

Once you have installed the SealSign SmartFolders module we will show the management tasks that can be performed with the tool included in the setup. For this, you can run the direct link called SealSignWatcher created on the desktop or in the start menu.

The main management tasks are:

1. Configuration of the connection to the SealSign DSS service.

2. Configuration of the signature profiles.

3. Configuration of folders to be monitored and the association with the chosen profile.

4. Configuration of the SealSign SmartFolders agent as user agent or as Windows service.

5. Configuration of the connection to the SealSign DSR service (Optional).

2.1 Configuring the Connection to the SealSign DSS Service

There is a section regarding the Parámetros de Conexión, DSS in the main window of the application to configure the connection:

Figure 01: Configuring the connection to the DSS service.




In the displayed form you need to enter the SealSign DSS Service URL and optionally (in the event of authentication integrated in the Active Directory, it is not required) the User, Password, and Domain fields.

At the bottom of this window, there are 4 buttons with the following functionalities:

Guardar: It stores the configured profile if the connection is successful.

Cancelar: It restores the default values of the text fields.

Borrar: It deletes the SealSign SmartFolder profile.

Copiar a DSR: It copies the configuration of the connection from DSS to DSR.

After including these data, you need to click on the “Connection Test” button, which will display the following window if the configuration is correct.

Figure 02: Successful connection.

2.2 Configuring Signature Profiles

In order to configure the signature profiles, you just need to click on the “Configurar los Perfiles de Firma”, and the following window will be displayed:

Figure 03: Configuring signature profiles.




Each of these parameters are detailed in the following list:

Nombre: Name of the electronic signature profile. There is a single identifying datum per profile.

Certificado: Associated certificate with which the electronic signature of documents will be carried out.

Figure 04: Configuring signature profiles (Name and Certificate).

Perfil de Firma: Drop down menu with the following signature profile types:

1. Default(CMS)

2. CMS

3. CAdESBES

4. CAdEST

5. CAdESC

6. CAdESX

7. CAdESXL

8. CAdESA

9. XMLDigSig

10. XAdESBES

11. XAdEST

12. XAdESC

13. XAdESX

14. XAdESXL

15. XAdESA

16. PDF

17. PAdESBasic

18. PAdESBES

19. PAdESLTV

20. PAdESXML

21. Office

Tipo: Drop down menu from which you can choose how the signature will be stored:

1. Default: It uses the default signature storage format (Enveloped).

2. Enveloped: The signature is stored within the document.

3. Enveloping: The signature is stored so that it contains the document within.

4. Detached: The signature is stored separately from the document.




Hash: Hash algorithm to be used: SHA1, SHA2, etc.

Figure 05: Configuring signature profiles (Profile Signature, Type and Hash).

Flags:

Figure 06: Configuring signature profiles (Flags).




1. None: It does not specify a signature flag.

2. Default: It uses the default values for the signature. These values will be composed of the options checked in the management tool.

3. ValidateChain: It validates the certificate chain before the signature.

4. CheckRevocationStatus: It checks the revocation status before the signature.

5. XMLAddXPathRemoveSignatureTransform: It applies the transformation of the XPath signature deletion before the signature. This flag allows only the signature of the document content excluding other signatures previously carried out.

6. XMLAdESIncludeSignerRole: It includes the role of the XAdES signature signer.

7. XMLAdESExplicitPolicy: It explicitly includes the signature policy in the XAdES signature.

8. XMLAdESXType2: It performs a XAdES-X or XAdES-XL type signature.

9. CMSAdESExplicitPolicy: It explicitly includes the signature policy in the CAdES signature.

10. CMSAdESXType2: It performs a CAdES-X or CAdES-XL type signature.

11. PDFAdESIncludeTimestamp: It includes the timestamp information in the PAdES type signature.

12. PDFAdESIncludeRevocationInfo: It includes revocation information in the PAdES type signature.

Política y Otros Parámetros: It displays a form to include the following parameters associated with advanced signatures:

Figure 07: Configuring signature profiles (Policy and Other Parameters).

1. Identificador de Política: Text string that specifies the identifier of the policy applied to the signature.




2. Resumen de la Política: Text string that specifies the summary of the policy applied to the signature.

3. Rol Firmante: Text string that specifies the signatory role.

4. Localidad: Text string that specifies the locality where the signature takes place.

5. Provincia: Text string that specifies the province where the signature takes place.

6. Referencia: Reference within the XML document on which the signature will be applied.

7. Razon: Text string that specifies the reason why the signature is carried out.

8. Pais: Text string that specifies the country where the signature takes place.

9. C.P.: Text string that specifies the postal code where the signature takes place.

Opciones PDF: Signature exclusive parameters if you have selected the PDF option or any of the PAdES formats from the Signature Profile drop down menu:

Figure 08: PDF options

1. Password: PDF decryption password.

2. Nombre Campo Firma: It specifies the name of the field in the PDF document in which the signature will be saved.

3. Firma Visible: Boolean stating whether the signature widget will be visible on the document resulting from the signature operation.

4. Imagen (Añadir/Borrar Imagen): Background image that will be included in the signature widget. It will be in JPG format. The image will be adjusted by default to the size of the widget, keeping its proportion.

5. Escalar Fondo: Boolean stating whether the background image will be automatically adjusted to the size of the widget.




6. Anchura Fondo: Width of the original image specified in PDFSignatureBackground, or width of the original image you wish to crop.

7. Altura Fondo: Height of the original image specified in PDFSignatureBackground, or height of the original image you wish to crop.

8. AutoPosicion del Widget: Boolean stating whether the signature widget will be positioned automatically or using the WidgetOffX and WidgetOffY parameter values. If you enable automatic position, the widget will appear in the top right corner of the page.

9. WidgetOffX: It specifies in pixels the value of the X coordinate where the signature widget will appear, taken from the lower left corner of the page.

10. WidgetOffY: It specifies in pixels the value of the Y coordinate where the signature widget will appear, taken from the lower left corner of the page.

11. Auto Escalado del Widget: Boolean stating whether the signature widget will be resized automatically or using the Altura Widget and Anchura Widget parameter values.

12. Altura Widget: Height in pixels of the signature widget.

13. Anchura Widget: Width in pixels of the signature widget.

14. Widget Rot: It states the rotation angle of the signature widget. Its possible values are 0, 90, 180 or 270.

15. Widget en todas las Paginas: It whether the signature widget must be included on every page of the document.

16. Widget Pagina: It states the page number where the signature widget will be included.

17. Filtrar solo firmas: In the signature verification, it states whether only the signatures of document type or any other signature included in the PDF will be validated.

18. Ocultar Texto del Widget: Boolean stating whether the widget will hide the automatic text with the signatory description.

Lastly, under the “Flags” list the following buttons are displayed: the “Guardar” button stores the configuration in encrypted register, the “Cancelar” button initializes the form fields, and the “Borrar” button initializes the form fields and deletes the configuration of the register.

2.3 Configuring the Folders to be Monitored and Association with the Chosen Profile

In this window, you can enter data of the folder to be monitored such as:

Nombre: Profile configuration name. It is an identifying datum of each configuration of the folder to be monitored.

Perfil de Firma: Signature profile associated with the configuration.

Entrada: Origin folder of the documents that will be subject to mass signature.

Salida: Target folder of documents once they have been signed.

Errores: The folder in which documents whose signature could not be performed are stored.

At the bottom of this window, a few buttons to manage such data are displayed:

The Guardar button stores the configuration in encrypted register.

The Cancelar button resets the form fields.




The Borrar button resets the form fields and deletes the register configuration.

SealSignWatcher supports multiple configurations, but only one by input folder.

The following figure is the main screen:

Figure 09: Configuration folders.

2.4 Configuring the SealSign SmartFolders Agent as User Agent or Windows Service

On the main screen of the SealSign SmartFolders configuration application there is a button to configure the running operation mode. There are two options:

As a user agent, in which the agent runs when the user logs on. To activate this mode, click on the “Ver configuración Usuario” button.

As a Windows service, in which the agent runs as a service and starts when the computer is started. To activate this mode, click on the “Ver configuración Servicio” button.




2.5 Configuring the Connection to the SealSign DSR Service (Optional)

There is a section regarding the Parámetros de Conexión, DSS in the main window of the application to configure the connection:

Figure 10: Configuring the connection to the DSR service.

You need to enter the SealSign DSR Service URL and optionally (it is not required for authentication integrated in Active Directory) the “Usuario”, “Contraseña” and “Dominio” fields, and then click on the “Test de Conexión” button. If the configuration is correct, the following window will be displayed:

Figure 11: Successful Connection.




The following buttons related to this action are also included:

The Guardar button saves the profile if the connection is successful.

The Cancelar button resets the default values of the text field.

The Borrar button deletes the SealSign SmartForlder profile.

The Copiar a DSS button copies the configuration of the connection from DSR to DSS.

There is an additional configuration parameter in DSR:

Escribir resultado solo en DSR: If checked, electronically signed files are not sent to the configured Output directory in the SealSign SmartFolders profile, but are only stored in the SealSign DSR document repository. If not checked, electronically signed files are stored both in the Output directory configured in the SealSign SmartFolders profile and in the SealSign DSR document repository.




3 Resources

For information about the different SealSign services available, please go to this address:

https://www.elevenpaths.com/es/tecnologia/sealsign/index.html

Also, on the ElevenPaths blog you can find interesting articles and innovations regarding this product.

You can find more information about Eleven Paths products on YouTube, on Vimeo and on Slideshare.

https://www.elevenpaths.com/es/tecnologia/sealsign/index.html

http://blog.elevenpaths.com/

https://www.youtube.com/user/ElevenPaths

http://vimeo.com/elevenpaths

http://www.slideshare.net/elevenpaths/




PUBLICATION

October 2016

At ElevenPaths we have our own way of thinking when we talk about security. Led by Chema Alonso, we are a team of experts who are passionate about their work, who are eager to redefine the industry and have great experience and knowledge about the security sector.

Security threats in technology evolve at an increasingly quicker and relentless pace. Thus, since June 2013, we have become a startup company within Telefónica aimed at working in an agile and dynamic way, transforming the concept of security and, consequently, staying a step ahead of our attackers.

Our head office is in Spain, but we can also be found in the UK, the USA, Brazil, Argentina and Colombia.

IF YOU WISH TO KNOW MORE ABOUT US, PLEASE CONTACT US AT:

elevenpaths.com Blog.elevenpaths.com @ElevenPaths Facebook.com/ElevenPaths YouTube.com/ElevenPaths

The information disclosed in this document is the property of Telefónica Digital España, S.L.U. (“TDE”) and/or any other entity within Telefónica Group and/or its licensors. TDE and/or any Telefonica Group entity or TDE’S licensors reserve all patent, copyright and other proprietary rights to this document, including all design, manufacturing, reproduction, use and sales rights thereto, except to the extent said rights are expressly granted to others. The information in this document is subject to change at any time, without notice.

Neither the whole nor any part of the information contained herein may be copied, distributed, adapted or reproduced in any material form except with the prior written consent of TDE.

This document is intended only to assist the reader in the use of the product or service described in the document. In consideration of receipt of this document, the recipient agrees to use such information for its own use and not for other use.

TDE shall not be liable for any loss or damage arising out from the use of the any information in this document or any error or omission in such information or any incorrect use of the product or service. The use of the product or service described in this document are regulated in accordance with the terms and conditions accepted by the reader.

TDE and its trademarks (or any other trademarks owned by Telefonica Group) are registered service marks.

smartfolders management guide

Technology