Signature settings
The signature settings include settings for the appearance of signatures, general behavior when signing and technical settings for digital signatures.
General signature settings
Option | Description |
---|---|
Orientation of signatures | Defines the alignment of the signature within the signature field. Left-aligned: The captured signature is left-aligned in the signature field. Centered: The captured signature is centered in the signature field. Right-aligned: The captured signature is right-aligned in the signature field. Default: Left-aligned |
Color of signatures | Defines the color in which signatures are inserted into the document. Default: Blue (#0000FF) |
Line width of the signatures | Configures the pen width in which the signature is inserted into the document. This setting has no effect on the display on the signature pad during capture. Default: Normal |
Pressure-dependent rendering of the signatures | Configures whether signatures should be rendered with a variable pen width. Activated: The signature is displayed in relation to the pressure applied. Applying more pressure during capture results in a thicker line being displayed. Applying less pressure results in a thinner pen width. Deactivated: A consistent pen width is used. This setting has no effect on the display during signature capture on the signature pad. Default: Activated |
PDF/A compliance | Defines the specifications according to which an open PDF file is to be processed. Off: The PDF/A specifications are not taken into account. PDF/A-1b: All documents are handled in accordance with the PDF/A-1b specifications. PDF/A-2b: All documents are handled in accordance with the PDF/A-2b specifications. Automatic: PDF/A compliance is recognized automatically. All documents are handled based on the recognized PDF/A compliance. The source system is responsible for the correct creation of the documents. The software is not able to subsequently create or change PDF/A compliance. Changes to these settings can result in documents losing their PDF/A compliance! Default: Automatic |
Always sign documents using SHA256 if possible. (Unsigned documents will be converted to PDF version 1.6.) | Configures whether older documents are converted to PDF version 1.6. Activated: Documents with a PDF version lower than 1.6 are automatically converted so that they can be signed with a modern and secure hash algorithm (SHA-256). Deactivated: The PDF version is not converted. Older PDF versions only support the “SHA-1” algorithm and are signed with this. If a document is opened with a PDF version lower than 1.6 and conversion is not possible, e.g. because the document already contains signatures, the hash algorithm “SHA-1” is always used. Default: Activated |
Capture biometric data and save them into the document. | Configures whether the biometric data of the signature (X, Y, Z coordinates as well as time and pressure) should be saved in the document in encrypted form. This data is stored for later proof that the signature was provided by the signatory. Activated: The biometric data of the signature is stored in the document in encrypted form. Deactivated: The biometric data is not stored in the document. Biometric data is an essential component of the security and authenticity of electronic signatures and is very important for subsequent evidence. For example, a confirmation text can be configured in the software before the signature for GDPR-compliant recording and storage of this data. Default: Activated |
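The SHA-256 rule from the table above can be checked on a batch of documents before they reach the signing station. This is an added example, not signotec code: the function names are hypothetical, the PDF version is read from the file header only, an existing signature is detected heuristically by its `/ByteRange` entry, and documents at version 1.6 or higher are assumed to be signed with SHA-256. Conversion may also fail for reasons other than existing signatures; those cases are not modelled.

```python
import re

def header_version(pdf: bytes):
    """Return (major, minor) from the %PDF-x.y header, or None if absent."""
    m = re.search(rb"%PDF-(\d)\.(\d)", pdf[:1024])
    return (int(m.group(1)), int(m.group(2))) if m else None

def has_signature(pdf: bytes) -> bool:
    # Heuristic (assumption): a PDF signature dictionary carries /ByteRange.
    return re.search(rb"/ByteRange\s*\[", pdf) is not None

def expected_hash(pdf: bytes, always_sha256: bool = True) -> str:
    """Predict the hash algorithm according to the rules stated in the table."""
    version = header_version(pdf)
    if version is None:
        raise ValueError("no %PDF header found")
    if version >= (1, 6):
        return "SHA-256"
    # Below 1.6: conversion is only attempted when the option is activated,
    # and it is not possible for documents that already contain signatures.
    if always_sha256 and not has_signature(pdf):
        return "SHA-256 after conversion"
    return "SHA-1"

def sha1_documents(docs: dict, always_sha256: bool = True) -> list:
    """Names of documents that would still be signed with SHA-1."""
    return [name for name, data in docs.items()
            if expected_hash(data, always_sha256) == "SHA-1"]

# Constructed sample inputs (minimal fragments, not complete PDF files).
SAMPLES = {
    "new.pdf": b"%PDF-1.7\n1 0 obj<</Type/Catalog>>endobj\n",
    "old.pdf": b"%PDF-1.4\n1 0 obj<</Type/Catalog>>endobj\n",
    "old_signed.pdf": b"%PDF-1.4\n5 0 obj<</Type/Sig/ByteRange [0 10 20 30]>>endobj\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", expected_hash(data))
    print("SHA-1 with option deactivated:", sha1_documents(SAMPLES, False))
```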
Setting the time server
In this area, you can configure the origin of the time setting for the digital signatures. In addition to the computer’s local time, external time servers or certified timestamps can be used.
Option | Description |
---|---|
Origin of time of signature | Configures the source from which the time of the signature is obtained. Local system: The local time of the computer is used. SNTP server, if available: The SNTP server configured in the “select SNTP server” list is used. If the SNTP server is not available, the local time of the computer is used. SNTP server: The SNTP server configured in the “select SNTP server” list is used. If the SNTP server cannot be reached, it is not possible to sign. Certified timestamp (RFC 3161): A certified timestamp in accordance with RFC 3161 is used. As soon as this option is activated, the URL of the external timestamp server to be used and optional login information must be configured. The advantage of a certified timestamp is that the authenticity and accuracy of the time is confirmed by an independent authority. In addition, the timestamp is linked with the signature data and is only valid with this data. An independent authority can thus confirm that a specific signature was captured at a specific time. As a rule, such time servers are not accessible free of charge. Default: Local system |
Select SNTP server | Configures the SNTP server to be used. This option is only available if the “origin of time of signature” has been configured to “SNTP server” or “SNTP server, if available.” |
URL of timestamp server | Configures the URL to the timestamp server. This option is only available if the “origin of time of signature” has been configured to “certified timestamp (RFC 3161).” |
Timestamp server requires authentication | Configures whether login data, consisting of login name and password, must be used for the timestamp server. This option is only available if the “origin of time of signature” has been configured to “certified timestamp (RFC 3161).” |
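Why a certified timestamp is "linked with the signature data and is only valid with this data": the request sent to an RFC 3161 server carries a hash of that data (the message imprint), and the server signs its time statement over that imprint. This is an added example, not signotec code; it builds the DER-encoded request by hand with SHA-256 as an assumed hash algorithm, uses hypothetical function names, and contacts no server.

```python
import hashlib
from typing import Optional

# DER encoding of OID 2.16.840.1.101.3.4.2.1 (SHA-256)
SHA256_OID = bytes.fromhex("0609608648016503040201")

def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV with a definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_int(value: int) -> bytes:
    """Non-negative INTEGER; the extra byte keeps the sign bit clear."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_timestamp_request(signature_data: bytes,
                            nonce: Optional[int] = None) -> bytes:
    """TimeStampReq (RFC 3161, section 2.4.1) for the given data."""
    digest = hashlib.sha256(signature_data).digest()
    algorithm = der(0x30, SHA256_OID + b"\x05\x00")     # AlgorithmIdentifier
    imprint = der(0x30, algorithm + der(0x04, digest))  # MessageImprint
    body = der_int(1) + imprint                         # version v1
    if nonce is not None:
        body += der_int(nonce)                          # replay protection
    body += b"\x01\x01\xff"                             # certReq = TRUE
    return der(0x30, body)

def requested_imprint(request: bytes) -> bytes:
    """Digest inside a request built above (fixed layout: no reqPolicy,
    short-form outer length, so the 32-byte digest starts at offset 24)."""
    return request[24:56]

if __name__ == "__main__":
    data = b"constructed signature bytes"   # constructed sample input
    req = build_timestamp_request(data, nonce=0x1122334455667788)
    print(req.hex())
    # The request would be POSTed with Content-Type application/timestamp-query.
    print(requested_imprint(req) == hashlib.sha256(data).digest())
```

Only the digest leaves the workstation, so the timestamp server never sees the signature data itself, and a token issued for one imprint cannot be reused for different data.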
Settings for the signing process
General settings for the signing process can be made in this area.
Option | Description |
---|---|
Scale document to page width during the signing process | Configures whether the document in signoSign/2 should be adjusted to the page width and displayed during the signing process. Activated: The open document is scaled to the page width when the signing process is started. When the signing process is ended, the display is reset to the original zoom level. Deactivated: There is no adjustment of the display. Default: Activated |
Mode for confirmation of signatures | Configures how a signature can be confirmed. Signature device or dialog: The captured signature can be confirmed both on the signature device and in the dialog on the PC. The confirmed signature is inserted directly into the document. Signature device first, dialog second: The captured signature must first be confirmed by the signatory on the signature device and then by the user on the PC via the “input checked and accepted” button. The signature device is locked for entries during confirmation on the PC. This setting is ignored when using the signotec Sigma Lite signature pad, as the device does not have a display. In this case, the signature must be confirmed in the signature dialog on the PC. Dialog only, signature device optional: The captured signature can only be finally confirmed by the user on the PC. Confirming the signature on the pad has no direct effect. Default: Signature device or dialog |
Do not allow mandatory fields to be skipped | Configures whether mandatory fields can be skipped in the signing process. Activated: It is not possible to skip mandatory fields in the signature dialog. Deactivated: Skipping mandatory fields in the signature dialog is permitted. When skipping, the system automatically switches to the next signature field. Default: Deactivated |
Canceling the signing process in the case of unsigned mandatory fields closes the document | Defines whether the document should be closed when a mandatory field is canceled. Activated: The document is closed if the signature is canceled in a mandatory field. Before the document is closed, the user must confirm a prompt. Deactivated: Canceling while entering a mandatory signature has no effect. Default: Deactivated |
Always center the display of the signature dialog | Determines whether the signature dialog should be displayed centered. Activated: The signature dialog is always displayed centered on the PC screen on which the main window of the software is open. Deactivated: The signature dialog can be positioned freely. The software saves the last position of the dialog user-specifically and always displays it at the last saved position. The dialog can also be placed independently of the main window, e.g. on a second monitor. Default: Deactivated |
Configuration of the certificates
Certificates are required for the PDF signature and the encryption of biometric data. The certificates to be used can be configured in this area.
Certificate for Adobe DigSig signatures
The certificate required for PDF signatures in accordance with ISO 19005-1:2005 and 32000-1:2008 is configured in this area. These signatures are also known as “DigSig” signatures.
Option | Description |
---|---|
Mode | Configures the mode for performing PDF signatures. Always PC: The signature is executed in the PC or in the software. The certificate configured in the software is used. Signature device if possible: If possible, the signature is executed via the internal signature creation unit of the signotec signature pad used and thus in a secure, standalone environment. The certificate from the signature pad is used. If the signature device used does not support this, the signature is executed in the PC. The certificate configured in the software is used. Always signature device: The signature is always calculated via the internal signature creation unit of the signotec signature pad used and thus in a secure, standalone environment. The certificate from the signature pad is used. If the signature device used does not support this, signature capture is not possible. The signotec signature pads contain a signature certificate generated in the pad before delivery, which is also used as standard to utilize all of the pad’s security functions. The certificate can be exchanged. The “always signature device” mode only works with the signotec signature pads with integrated RSA unit. If other input devices, such as a pen display or Windows tablet PC, are also used, this setting must not be used! The following signature pads have an integrated RSA unit and support the signature in the pad:
Default: Signature device if possible |
Certificate file | Configures the certificate file that is used in “always PC” or “signature device if possible” mode if the connected signotec signature pad does not have a signature creation device or no signotec signature pad is used. A self-signed certificate can also be created within the software using the “+” icon next to the file selection. To receive the “green checkmark” in Adobe Acrobat Reader, you need a certificate whose root certificate is part of the global trust lists “AATL” or “EUTL.” Such certificates are generally subject to a charge. For further information, please contact the signotec sales team. Default: %PROGRAMDATA%\signotec\signoSign2\default.p12 The standard signature certificate “default.p12” supplied with the software is a simple, self-signed certificate. It should be replaced before the software is used in production. |
Include only the end certificate in the X.509 certificate chain information. | Configures whether only the end certificate of the complete certificate chain should be included in the signature. Activated: Only the end certificate is used. Deactivated: The complete certificate chain (if available) is included in the document. Default: Deactivated |
Exchange certificate of the signature device | Configures whether an existing certificate in the signotec signature pad should be exchanged. This option is only available if the “signature device if possible” or “always signature device” mode has been configured. Activated: An existing certificate in the signature pad is replaced by the certificate configured in the software. The certificate in the signature pad is overwritten without prompting. Recovery is not possible! Deactivated: An existing certificate in the signature pad is not replaced. Default: Deactivated |
Certificate for biometric data
The public key certificate to be used for encrypting the signature data (biometric data) is configured in this area.
By default, this includes a public key certificate for encrypting the biometric data, the private part of which is stored securely at a notary’s office. Even signotec, as the manufacturer, does not have access to this private key, so only the notary is able to decrypt the signatures.
Changing the certificate can have a significant impact on the security and authenticity of the signatures. The certificate supplied as standard should only be replaced by a certificate for which equivalent security with regard to storage can be guaranteed.
Option | Description |
---|---|
Mode | Configures the mode for encrypting biometric data. Always PC: Encryption takes place in the PC or in the software. The certificate configured in the software is used. Signature device if possible: If possible, the encryption is carried out in the internal RSA unit of the signotec signature pad used and thus in a secure, standalone environment. The certificate from the signature pad is used. If the signature device used does not support this, the encryption is carried out in the PC. The certificate configured in the software is used. Always signature device: Encryption always takes place via the internal RSA unit of the signotec signature pad used and thus in a secure, standalone environment. The certificate from the signature pad is used. If the signature device used does not support this or the signature pad does not contain a certificate for encryption, signature capture is not possible. The signotec signature pads do not contain a certificate for the encryption of biometric data when delivered. Please refer to the functions below for the automatic import of a configured certificate from the software. The “always signature device” mode only works with the signotec signature pads with integrated RSA unit. If other input devices, such as a pen display or Windows tablet PC, are also used, this setting must not be used! The following signature pads have an integrated RSA unit and support encryption in the pad:
|
Certificate file | Configures the certificate file that is used in “always PC” or “signature device if possible” mode if the connected signotec signature pad does not have an RSA unit or no signotec signature pad is used. A self-signed certificate can also be created within the software using the “+” icon next to the file selection. If a certificate for encrypting the biometric data is created via the software, a PFX (.p12) and CER file are saved. The CER file only contains the public key of the certificate and is used to encrypt the biometric data. The PFX file also contains the private key required to decrypt the biometric data. This key must be stored securely. If the key is lost, it is no longer possible to decrypt the signatures in the event of a dispute! Default: %PROGRAMDATA%\signotec\signoSign2\default.p12 |
Exchange certificate of the signature device | Configures whether an existing certificate in the signotec signature pad should be exchanged. This option is only available if the “signature device if possible” or “always signature device” mode has been configured. Activated: An existing certificate in the signature pad is replaced by the certificate configured in the software. The certificate in the signature pad is overwritten without prompting. Recovery is not possible! Deactivated: An existing certificate in the signature pad is not replaced. Default: Activated |
Only if no certificate is stored in the signature device | Configures whether the certificate should only be replaced if no certificate has yet been saved in the pad. Activated: An existing certificate in the signature pad is not replaced. Deactivated: An existing certificate in the signature pad is replaced by the certificate configured in the software. The certificate in the signature pad is overwritten without prompting. Recovery is not possible! Default: Activated |
signotec content signing
As an alternative to Adobe-compliant digital signatures (“DigSig” signatures), “signotec content signing” can be used.
The signotec “content signing” uses special and unique RSA functions of the signotec signature pads.
During signing, the signature pad is switched to a special mode in which the current image content of the display is signed. External influences and tampering are therefore completely ruled out.
During signature capture, a hash value of the document to be signed is shown on the display of the signature pad. This hash is also entered in a configured form field of the PDF document. This allows the signatory to independently ensure that exactly this document is signed.
As an alternative to signing the LCD content (image), it is also possible to show a PDF document in the appropriate size or resolution in full on the display and sign it. It is therefore not necessary to create and compare a document hash for such specially formatted documents, as the document is already shown 1:1 in the display. Instead of the actual signature, the entire display of the signature pad is added to the document as an image on a new page.
Settings for signotec content signing
Option | Description |
---|---|
Use “signotec content signing” | Activates the “content signing” function. Default: Deactivated |
Field for hash value of document | Configuration of the form field name in which the hash value of the document is entered. Note that the configured form field must already be contained in the document. If no field with the configured name is found, the system first checks whether the “documents of suitable size […]” option is activated. If this option is active and the document has the appropriate resolution, this option will take effect. If the form field is not present and the document does not have the appropriate resolution, a normal DigSig signature is captured. The example below illustrates the structure of the document hash: /anJdc WC q8LO k9 eX Oel54o fuK4sG 38 Ejpv zu Lh yKuDg= |
Print the document each time the hash value changes | The effect of this setting is that the document is always printed when a new document hash is created and entered in the corresponding field. This is generally the case for the document’s first signature field. For all other signature fields, it will depend on their configuration in the document type administration. The document is printed before the signature capture, so this function is useful for handing over a printed copy of the original document to the signer, for example. The hash printed on the copy can then be immediately compared with the display on the signature pad. Default: Deactivated |
Display documents of matching size completely in the signature device (no document hash) | This setting ensures that PDF documents with a suitable resolution are shown in full on the signature pad display. If this function is deactivated, these documents are treated in the same way as all other documents, so that signatures are inserted as “DigSig” signatures if no suitable form field is found from the “field for hash value of document” setting. Compatible models and resolutions: signotec Omega: 640 x 480 pixels Default: Deactivated |
Configure display | If a document hash is used, it is possible to configure the display in the signature pad. The basic structure, the document hash, the buttons and the line for the signature are preset. In addition, there are four areas “heading,” “running text,” “bottom left” and “bottom right” in which individual texts can be used. Within these individual texts, it is possible to use placeholders that have been extracted from the document via the document types, for example. The placeholders can be inserted using the “+” icon. |