6 Implementing a Digital Signature

This chapter describes how to implement a digital signature in PDF documents generated by BI Publisher.

It covers the following topics:

Introduction

BI Publisher supports digital signatures on PDF output documents.

Digital signatures enable you to verify the authenticity of the documents you send and receive. Oracle BI Publisher can access your digital ID file from a central, secure location and at runtime sign the PDF output with the digital ID. The digital signature verifies the signer's identity and ensures that the document has not been altered after it was signed.

For additional information, refer to the Verisign and Adobe websites.

Prerequisites and Limitations

Before you can implement digital signatures with Oracle BI Publisher output documents, be aware of the following:

A digital ID obtained from a public certificate authority or from a private/internal certificate authority (if for internal use only). You must copy the digital ID file to a secure location of the file system on the server that is accessible by the BI Publisher server.

Use of digital signatures with Oracle BI Publisher output documents has the following limitations:

  • Only a single digital ID can be registered with BI Publisher.

  • Only reports submitted through BI Publisher's Schedule Report Job interface can include the digital signature.

  • The digital signature is enabled at the report level; therefore, multiple templates assigned to the same report share the digital signature properties.

Obtaining Digital Certificates

You can obtain a digital certificate either by purchasing one or by using the self-sign method.

  • Purchase one from a certificate authority, such as Verisign, and save it to your computer. This method is recommended because it is easier to verify (and therefore trust) the authenticity of the certificate that you purchase. Next, use Microsoft Internet Explorer 7 or later to create a PFX file based on the certificate you purchased. See Creating PFX Files.

  • Create a self-signed certificate using a software program, such as Adobe Acrobat, Adobe Reader, OpenSSL, or OSDT. This method is less preferred because anyone can create a self-signed certificate. Therefore, it is more difficult to verify and trust the authenticity of the certificate.

    Typically, when you create a self-signed certificate using a software program, the program saves the certificate as part of a PFX file. If this is the case, you do not need to create another PFX file (as described in Creating PFX Files).

    To create a self-signed certificate using Adobe Reader:

    1. Open Adobe Reader.

    2. From the Document menu, click Security Settings.

    3. Select Digital IDs on the left.

    4. On the toolbar, click Add ID.

    5. Follow the steps in the Add Digital ID wizard. For assistance, refer to the documentation provided with Adobe Reader.

    6. When prompted, save your self-signed certificate as part of a PFX file to an accessible location on your computer.

    After you create your self-signed certificate as part of a PFX file, you can use the PFX file to sign PDF documents by registering it with BI Publisher. See Implementing a Digital Signature.

Creating PFX Files

If you obtained a digital certificate from a certificate authority, you can create a PFX file using that certificate and Microsoft Internet Explorer 7 or later.

Note:

If you created a self-signed certificate using a software program such as Adobe Reader, it is likely that the program created the certificate in a PFX file. If this is the case, you don't have to create another PFX file. You can use the one you have.

To create a PFX file with Microsoft Windows Explorer 7 or later:

  1. Ensure that your digital certificate is saved on your computer.
  2. Open Microsoft Internet Explorer.
  3. From the Tools menu, click Internet Options and then click the Content tab.
  4. Click Certificates.
  5. In the Certificates dialog, click the tab that contains your digital certificate and then click the certificate.
  6. Click Export.
  7. Follow the steps in the Certificate Export Wizard. For assistance, refer to the documentation provided with Microsoft Internet Explorer.
  8. When prompted, select Use DER encoded binary X.509 as your export file format.
  9. When prompted, save your certificate as part of a PFX file to an accessible location on your computer.

After you create your PFX file, you can use it to sign PDF documents.

Implementing a Digital Signature

You can set up and sign your output PDF documents with a digital signature.

To implement a digital signature:

  1. Register the digital ID in the BI Publisher Administration page and specify the roles that are authorized to sign documents, as described in Registering Your Digital Signature ID and Assigning Authorized Roles.
  2. Specify the display field location, as described in Specifying the Signature Display Field or Location.
  3. Enable Digital Signature for the report using the report properties.
  4. Log in to BI Publisher as a user with an authorized role and submit the report through the BI Publisher scheduler, choosing PDF output. When the report completes, it is signed with your digital ID in the specified location of the document.

Registering Your Digital Signature ID and Assigning Authorized Roles

BI Publisher supports the identification of a single digital ID file.

To register a digital ID in the BI Publisher Administration page:

  1. On the Administration tab, under Security Center, click Digital Signature.
  2. On the Digital Signature subtab, enter the file path to the digital ID file and enter the password for the digital ID.
  3. Enable the Roles that must have the authority to sign documents with this digital ID. Use the shuttle buttons to move Available Roles to the Allowed Roles list.
  4. Click Apply. The figure below shows the Digital Signature subtab.

Specifying the Signature Display Field or Location

You must specify the location for the digital signature to appear in the completed document. The methods available depend on whether the template type is PDF or RTF.

If the template is PDF, use one of the following options:

If the template is RTF, use the following option:

Specifying a Template Field in a PDF Template for the Digital Signature

Include a field in the PDF template for digital signatures.

See Adding or Designating a Field for a Digital Signature in Report Designer's Guide for Oracle Business Intelligence Publisher for instructions on including a field in the PDF template for the digital signature.

Specifying the Location for the Digital Signature in the Report Properties

When you specify a location in the document to place the digital signature, you can either specify a general location (Top Left, Top Center, or Top Right) or you can specify x and y coordinates in the document.

You can also specify the field height and width. This is done through properties on the Runtime Configuration page. Therefore you do not need to alter the template to include a digital signature.

To specify the location for the digital signature:

  1. In the catalog, navigate to the report.
  2. Click the Edit link for the report to open the report for editing.
  3. Click Properties and then click the Formatting tab.
  4. Scroll to the PDF Digital Signature group of properties.
  5. Set Enable Digital Signature to True.
  6. Specify the location in the document where you want the digital signature to appear by setting the appropriate properties as follows (note that the signature is inserted on the first page of the document only):

    • Existing signature field name — Does not apply to this method.

    • Signature field location — Provides a list containing the following values:

      Top Left, Top Center, Top Right

      Select one of these general locations and BI Publisher places the digital signature in the output document sized and positioned appropriately.

      If you set this property, then do not enter X and Y coordinates or width and height properties.

    • Signature field X coordinate — Using the left edge of the document as the zero point of the X axis, enter the position in points to place the digital signature from the left.

      For example, to place the digital signature horizontally in the middle of an 8.5 inch by 11 inch document (that is, 612 points in width and 792 points in height), enter 306.

    • Signature field Y coordinate — Using the bottom edge of the document as the zero point of the Y axis, enter the position in points to place digital signature from the bottom.

      For example, to place the digital signature vertically in the middle of an 8.5 inch by 11 inch document (that is, 612 points in width and 792 points in height), enter 396.

    • Signature field width — Enter in points the desired width of the inserted digital signature field. This applies only if you are setting the X and Y coordinates.

    • Signature field height — Enter in points the desired height of the inserted digital signature field. This applies only if you are setting the X and Y coordinates.

The figure below shows a report that is configured to place the digital signature at specific x and y coordinates in the document.


Description of GUID-8513F431-CAA0-4A5C-96B4-EBAAE7C7B03D-default.gif follows
Description of the illustration GUID-8513F431-CAA0-4A5C-96B4-EBAAE7C7B03D-default.gif

Running and Signing Reports with a Digital Signature

Users assigned a role with the digital signature privilege can attach the digital signature to their generated reports configured to include the digital signature. The digital signature can be inserted only on scheduled reports.

To sign reports with a digital signature:

  1. Log in to BI Publisher as a user with a role granted digital signature privileges.
  2. In the catalog, navigate to the report that has been enabled for digital signature, and click Schedule.
  3. Complete the fields on the Schedule Report Job page, select PDF output, and then submit the job.

    The completed PDF displays the digital signature.