Digital Signatures for SharePoint Data

By Larry Kluger, Marketing Manager Connectors & Developers, DocuSign, Inc.

Much of the time, “electronic signature” and “digital signature” refer to signing a document by using the computer instead of a pen. But digital signatures can also be used to sign data.

Why sign data?

Document formats such as PDF or Word are “end” formats—once the document is written, it is difficult and unreliable for computer software to retrieve information from the document. But you often want to use the document’s information for further analysis, reports in different formats, summaries, or as input to another business process.

So how can a person sign a document’s information to certify or approve it, guarantee that the information cannot be altered without detection, and still enable further processing as described above? The answer is to sign the information—the data—not the document.

How to sign data

Two techniques are commonly used to sign data. In both cases, you have the digital signature guarantee that the signed data has not been changed and assurance of who signed it. The signatures can be independently verified and audited since digital signatures are open, standard technology.

Signing XML data

Digital signatures can be added to XML data structures using standard techniques. The W3C XML Signature and XAdES standards are used. Digital signature systems from my company and others support these standards for both signing XML data and verifying a signed XML data file.

Using these standards to sign XML data produces a single file that includes both the data and the digital signature or signatures.

Since the signed XML data file is still an XML file, its data can easily be read by software applications and used for further processing, reporting, etc. XML is a machine-readable format, not an end format. Signed XML data is still data, ready for further use.

But it is not always convenient to store data in an XML format. To sign data without using XML, we use Detached Signatures.

Signing any data using detached signatures

Any “bundle of bits” can be signed, with the resulting digital signature stored in a separate (“detached”) file. The .p7b file type is the recommended standard for detached signatures.

These signatures can also be independently verified by supplying both the data file and the .p7b signature file to the verification software.

Signing SharePoint data

Look for a SharePoint “connector” or “adapter” from your digital signature supplier. In addition to signing PDF, Word and other files, it should enable SharePoint List items to be signed. It should also enable list signatures to cover only certain fields for each item in the list.

For example, a SharePoint List is used to record results of a quality assurance test. Each item in the list is for a different production piece that was tested. Each list item includes multiple fields and the list item is digitally signed by the person who conducted the test.

The digital signature will be configured to cover all of the list’s fields except for a comment field. This enables a list item’s data to be signed, but comments can still be added or modified without invalidating the list item’s signature.
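
The quality assurance list item described above, as an added example (not DocuSign's or any connector's code): it signs only the covered fields with a detached signature and shows that editing the comment keeps the signature valid while editing or removing a covered field does not. The field names, sample values and the throwaway Ed25519 key are assumptions; a real connector would use the signer's certificate and a standard signature format.

```javascript
// Added example: field names, values and the Ed25519 key are constructed for illustration.
const crypto = require('crypto');

// Fields covered by the signature; "Comments" is deliberately left out.
const SIGNED_FIELDS = ['PieceId', 'TestDate', 'Result', 'Tester'];

// Build a deterministic byte string from the covered fields only.
// Sorting the names and emitting [name, value] pairs keeps the bytes
// independent of property order in the list item.
function canonicalize(item, fields = SIGNED_FIELDS) {
  const pairs = [...fields].sort().map((name) => {
    if (!(name in item)) throw new Error(`covered field missing: ${name}`);
    return [name, item[name]];
  });
  return Buffer.from(JSON.stringify(pairs), 'utf8');
}

// Detached signature: returned separately, the item itself is not modified.
function signItem(item, privateKey) {
  return crypto.sign(null, canonicalize(item), privateKey);
}

// True only if every covered field is present and unchanged.
function verifyItem(item, signature, publicKey) {
  try {
    return crypto.verify(null, canonicalize(item), publicKey, signature);
  } catch {
    return false; // a missing covered field counts as a failed check
  }
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const item = { PieceId: 'QA-0042', TestDate: '2024-01-15', Result: 'Pass',
                 Tester: 'j.smith', Comments: '' };
  const sig = signItem(item, privateKey);

  const commented = { ...item, Comments: 'Retest scheduled' };
  const tampered = { ...item, Result: 'Fail' };
  const { Tester, ...stripped } = item;
  return {
    original: verifyItem(item, sig, publicKey),
    commentEdited: verifyItem(commented, sig, publicKey),
    resultEdited: verifyItem(tampered, sig, publicKey),
    fieldRemoved: verifyItem(stripped, sig, publicKey),
  };
}

console.log(demo());
```

The verifier must apply the same covered-field list that was used at signing time; if that list can be changed by whoever edits the item, the exclusion of the comment field becomes a way to exclude other fields too.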

Since the signed data is stored in a SharePoint list, it is easy for workflow to retrieve the data and use it for further business processes including reports, additional analysis, etc.
