Secure Reports

This topic describes how to secure pixel-perfect reporting.

Use Digital Signature in a PDF Document

You can apply digital signatures to PDF output documents.

Digital signatures enable you to verify the authenticity of the documents you send and receive. You can upload your digital signature file to a secure location, and at runtime sign the PDF output with the digital signature. The digital signature verifies the signer's identity and ensures that the document hasn't been altered after it was signed.

For additional information, refer to the Verisign and Adobe websites.

Prerequisites and Limitations

When you use digital signatures with documents in Publisher , you must be aware of a few limitations.

Keep the following limitations in mind:

  • You can register only a single digital signature with Publisher.

  • Only the reports scheduled in Publisher can include the digital signature.

  • The digital signature is enabled at the report level; therefore, multiple templates assigned to the same report share the digital signature properties.

Obtain Digital Certificates

You can obtain a digital certificate either by purchasing one or by using the self-sign method.

To obtain a digital certificate:

  • Perform one of the following:
    • Purchase a certificate from an authority, verify and trust the authenticity of the certificate, and then use Microsoft Internet Explorer 7 or later to create a PFX file based on the certificate you purchased.
    • Create a self-signed certificate using a software program such as Adobe Acrobat, Adobe Reader, OpenSSL, or OSDT as part of a PFX file, and then use the PFX file to sign PDF documents by registering it with Publisher. Bear in mind that anyone can create a self-signed certificate, so use care when verifying and trusting such a certificate.

Create PFX Files

If you obtained a digital certificate from a certificate authority, you can create a PFX file using that certificate and Microsoft Internet Explorer 7 or later.

You don't need to create a PFX file if a self-signed certificate PFX file already exists.

To create a PFX file with Microsoft Windows Explorer 7 or later:

  1. Ensure that your digital certificate is saved on your computer.
  2. Open Microsoft Internet Explorer.
  3. From the Tools menu, click Internet Options and then click the Content tab.
  4. Click Certificates.
  5. In the Certificates dialog, click the tab that contains your digital certificate and then click the certificate.
  6. Click Export.
  7. Follow the steps in the Certificate Export Wizard. For assistance, refer to the documentation provided with Microsoft Internet Explorer.
  8. When prompted, select Use DER encoded binary X.509 as your export file format.
  9. When prompted, save your certificate as part of a PFX file to an accessible location on your computer.

After you create your PFX file, you can use it to sign PDF documents.

Apply a Digital Signature

You can set up and sign your output PDF documents with a digital signature.

To apply a digital signature:

  1. Register the digital signature in the Publisher Administration page and specify the roles that are authorized to sign documents.
  2. Specify the display field location.
  3. Select the Enable Digital Signature property for the report.
  4. Log in as a user with an authorized role and submit the report through the Publisher scheduler, choosing the PDF output. When the report completes, it is signed with your digital signature in the specified location of the document.
Register Your Digital Signature and Assign Authorized Roles

Publisher supports the identification of a single digital signature.

You must upload the digital signature file in Upload Center.

To register a digital signature:

  1. On the Administration tab, under Security Center, click Digital Signature.
  2. Select the digital signature file you uploaded in Upload Center and enter the password for the digital signature.
  3. Enable the Roles that must have the authority to sign documents with this digital signature. Use the shuttle buttons to move Available Roles to the Allowed Roles list.
  4. Click Apply.
Specify the Signature Display Field or Location

You must specify the location for the digital signature to appear in the completed document. The methods available depend on whether the template type is PDF or RTF.

If the template is PDF, use one of the following options:

  • Specify a template field in a PDF template for the digital signature.

  • Specify the location for the digital signature in the report properties.

If the template is RTF, specify the location for the digital signature in the report properties.

Specify a Template Field in a PDF Template for the Digital Signature

Include a field in the PDF template for digital signatures.

Report authors can add a new field or configure an existing field in the PDF template for the digital signature. See Add or Designate a Field for a Digital Signature.

Specify the Location for the Digital Signature in the Report Properties

When you specify a location in the document to place the digital signature, you can either specify a general location (Top Left, Top Center, or Top Right) or you can specify x and y coordinates in the document.

You can also specify the height and width of the field for the digital signature by using runtime properties. You don't need to alter the template to include a digital signature.

To specify the location for the digital signature:

  1. In the catalog, navigate to the report.
  2. Click the Edit link for the report to open the report for editing.
  3. Click Properties and then click the Formatting tab.
  4. Scroll to the PDF Digital Signature group of properties.
  5. Set Enable Digital Signature to True.
  6. Specify the location in the document where you want the digital signature to appear by setting the appropriate properties as follows (note that the signature is inserted on the first page of the document only):
    • Existing signature field name — Doesn't apply to this method.

    • Signature field location — Provides a list containing the following values:

      Top Left, Top Center, Top Right

      Select one of these general locations and Publisher places the digital signature in the output document sized and positioned appropriately.

      If you set this property, then don't enter X and Y coordinates or width and height properties.

    • Signature field X coordinate — Using the left edge of the document as the zero point of the X axis, enter the position in points to place the digital signature from the left.

      For example, to place the digital signature horizontally in the middle of an 8.5 inch by 11 inch document (that is, 612 points in width and 792 points in height), enter 306.

    • Signature field Y coordinate — Using the bottom edge of the document as the zero point of the Y axis, enter the position in points to place digital signature from the bottom.

      For example, to place the digital signature vertically in the middle of an 8.5 inch by 11 inch document (that is, 612 points in width and 792 points in height), enter 396.

    • Signature field width — Enter in points the desired width of the inserted digital signature field. This applies only if you're setting the X and Y coordinates.

    • Signature field height — Enter in points the desired height of the inserted digital signature field. This applies only if you're setting the X and Y coordinates.

Run and Sign Reports with a Digital Signature

If you've been assigned a role that's been granted the digital signature privilege, you can sign a generated report with a signature, if the report has been configured to include signatures. You can sign only scheduled reports with signatures.

To sign reports with a digital signature:

  1. Log in as a user with a role granted digital signature privileges.
  2. In the catalog, navigate to the report that has been enabled for digital signature, and click Schedule.
  3. Complete the fields on the Schedule Report Job page, select PDF output, and then submit the job.

    The completed PDF displays the digital signature.

Use PGP Keys for Encrypted Report Delivery

You can use PGP encryption to secure file delivery through the FTP server and the Content server.

You can configure the FTP server and Content server delivery channels to use the PGP public keys to deliver PGP encrypted files. You can configure an FTP server to use the PGP encrypted files in ASCII armor format.

Use Security Center to upload and download the PGP keys.

Manage PGP Keys

You can upload, download, and delete the PGP keys in the Administration page.

To manage PGP Keys:
  1. From the Administration page, under Security Center, select PGP Keys.
  2. To upload PGP keys to keystore, click Choose File, select the PGP key file, and then click Upload.
  3. To download the PGP public keys, click the download icon corresponding to the public key file.
  4. To delete PGP keys, in the PGP Keys table, click the delete icon corresponding to the PGP keys.