    Signing and Encrypting mail

    (As of 3.2.001.02)

    DocOrigin supports email signing and encryption. The actual signing and encryption are delegated to an external tool. We propose the OpenSSL command-line tool, v1.1.1, whose cms subcommand handles S/MIME v3.1 mail; note that OpenSSL 1.1.1 is no longer maintained upstream, and the 3.x releases accept the same cms options used here. Obtain the tool and make it available to DocOrigin, either by adding it to PATH or by specifying the full path to the OpenSSL executable in the DocOrigin configuration, as shown below.

    Note that signing and encryption are independent operations. Encryption is available, but you are unlikely to need it: to encrypt mail for, say, 1000 different recipients you must first obtain all 1000 recipients' certificates (their public keys), and each recipient must have the matching private key installed in their mail client. Signing needs only one digital ID, your own; the recipients' mail clients verify the signature and must trust the certificate, in practice the CA that issued it.

    To set up mail signing, do the following:

    1. Get a digital ID (an X.509 certificate and its private key, suitable for S/MIME). If you do not have one there are many ways to obtain it; searching for "create digital id certificate" is a good start. A self-signed certificate is enough for testing, but recipients' mail clients only show the signature as valid if they trust the issuer, so for production use a certificate issued by a CA the clients already trust. In our demo we use Signer.cer and the password-protected Signer.private.key, both in PEM format.
    2. If you are going to encrypt mail for a user, obtain that user's certificate (it contains the public key). In our demo we use User.cer in PEM format.
    3. Get the OpenSSL tool. In our demo we use the one shipped with Git for Windows: "c:\Program Files\Git\usr\bin\openssl.exe"
    4. Specify the signing and encryption options in your script. See the demo below.

    Assume that your keys and certificates are in the same folder as the following script:

    // Sender, recipient and message content
    var args = new Object();
    args.from = "signer@domain.com";
    args.subject = "SubjectTest";
    args.to = "user@domain.com";
    args.text = "messageBody";
    // Options handed to the signing tool (openssl cms -sign): the signer
    // certificate, its private key and the password that protects the key
    args.signingParams = "-signer Signer.cer -inkey Signer.private.key -passin pass:XXXYourPassXXX";
    // Recipient certificate handed to the encryption tool (openssl cms -encrypt)
    args.encryptionParams = "User.cer";
    
    _sendmail(args);

    Notice the last two parameters, signingParams and encryptionParams. When one of them is specified the corresponding step is activated, so omitting encryptionParams sends a signed but unencrypted mail. The remaining settings (which are unlikely to need changing) are located in the Default-DocOriginSendMailServer.prm file. Be aware that "-passin pass:XXXYourPassXXX" puts the private-key password into the script and onto the OpenSSL command line, where other users of the machine can read it from the process list; OpenSSL also accepts "-passin file:<path>" (the password is read from a file whose permissions you restrict) and "-passin env:<VARIABLE>".

    If you are on Linux, override the default "-signingTool $P/openssl.exe" and "-encryptionTool $P/openssl.exe" entries in the Default-DocOriginSendMailServer.prm file, since the Linux binary is normally called just openssl.

    When you run that script (with the parameter $P set to "c:\Program Files\Git\usr\bin"), the user should receive a signed and encrypted mail. How it is presented varies from one mail client to another; in Outlook, for example, you should see a "lock" badge (encrypted) and a "red ribbon" badge (signed) at the top right of the message, and you can click on them for details.
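    The following POSIX shell script is an added example, not DocOrigin's or OpenSSL's own code. It performs by hand the round trip that the steps and script above set up: it creates a throw-away signer digital ID and a recipient certificate, signs and then encrypts "messageBody" as signingParams and encryptionParams instruct the signing tool to, then plays the recipient's mail client by decrypting and verifying, and finally checks that a tampered message fails verification. It assumes openssl (1.1.1 or 3.x) on PATH; the file names, the password, the working directory and the self-signed test certificates are assumptions made for this demo and are not artefacts of the page.

```shell
#!/bin/sh
# Added example, not DocOrigin's own code: the S/MIME round trip that DocOrigin
# delegates to the signing/encryption tool, done by hand with "openssl cms"
# so keys, password and certificate trust can be checked before they go into
# signingParams/encryptionParams. Assumes "openssl" (1.1.1 or 3.x) on PATH.
# The certificates are throw-away self-signed test certificates; with a real
# digital ID the signer certificate is issued by a CA the recipients trust.
set -eu

# Steps 1 and 2 of the text: a signer digital ID (password-protected key, like
# Signer.private.key) and a recipient certificate User.cer with its key.
make_demo_certs() {
    dir=$1
    mkdir -p "$dir"
    # The key password lives in a file readable only by its owner, so it can be
    # passed as "-passin file:..." instead of appearing on the command line.
    (umask 077; printf '%s\n' 'XXXYourPassXXX' > "$dir/signer.pass")
    openssl req -x509 -newkey rsa:2048 -days 365 \
        -subj "/CN=Signer/emailAddress=signer@domain.com" \
        -passout "file:$dir/signer.pass" \
        -keyout "$dir/Signer.private.key" -out "$dir/Signer.cer" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -days 365 -nodes \
        -subj "/CN=User/emailAddress=user@domain.com" \
        -keyout "$dir/User.key" -out "$dir/User.cer" 2>/dev/null
}

# Sender side, equivalent to signingParams followed by encryptionParams in the
# script above: sign the body first, then encrypt the signed message so that
# only the holder of User.key can read the body or even see the signature.
sign_and_encrypt() {
    dir=$1; body=$2; out=$3
    openssl cms -sign -text -in "$body" \
        -signer "$dir/Signer.cer" -inkey "$dir/Signer.private.key" \
        -passin "file:$dir/signer.pass" \
        -from signer@domain.com -to user@domain.com -subject SubjectTest \
        -out "$dir/signed.eml"
    openssl cms -encrypt -aes256 -in "$dir/signed.eml" \
        -from signer@domain.com -to user@domain.com -subject SubjectTest \
        -out "$out" "$dir/User.cer"
}

# Recipient side, what the mail client does: decrypt with the recipient's
# private key, then verify the signature. Signer.cer doubles as the trust
# anchor here only because it is self-signed; a mail client would consult its
# trusted CA store instead. Prints the recovered message body.
decrypt_and_verify() {
    dir=$1; enc=$2
    openssl cms -decrypt -in "$enc" \
        -recip "$dir/User.cer" -inkey "$dir/User.key" -out "$dir/decrypted.eml"
    openssl cms -verify -text -in "$dir/decrypted.eml" \
        -CAfile "$dir/Signer.cer" -out "$dir/verified.txt"
    tr -d '\r' < "$dir/verified.txt"
}

# Failure mode: any change to the signed text must make verification fail.
# Returns 0 when the tampering is detected, 1 when it is not.
tamper_check() {
    dir=$1
    sed 's/messageBody/tamperedBody/' "$dir/decrypted.eml" > "$dir/tampered.eml"
    if openssl cms -verify -text -in "$dir/tampered.eml" \
            -CAfile "$dir/Signer.cer" -out /dev/null 2>/dev/null; then
        echo "tampering NOT detected" >&2
        return 1
    fi
    echo "tampering detected: signature check failed as expected" >&2
}

# Whole round trip in a given working directory; prints the recovered body.
run_demo() {
    dir=$1
    make_demo_certs "$dir"
    printf 'messageBody\n' > "$dir/body.txt"   # args.text from the script above
    sign_and_encrypt "$dir" "$dir/body.txt" "$dir/encrypted.eml"
    decrypt_and_verify "$dir" "$dir/encrypted.eml"
}

# Usage: sh smime_roundtrip.sh run
if [ "${1:-}" = "run" ]; then
    work=$(mktemp -d)
    run_demo "$work"
    tamper_check "$work"
    rm -rf "$work"
fi
```

    Run it with "sh smime_roundtrip.sh run". The sender-side commands are the ones DocOrigin's signing and encryption tools execute with your signingParams and encryptionParams appended; if they fail with a real digital ID, the usual causes are a -signer certificate that does not match the -inkey private key, a wrong password, or a recipient certificate that is not the one the recipient holds the private key for.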

    You are free to use another signing tool or to customize all the parameters; see https://www.openssl.org/docs/man1.1.1/man1/cms.html for the options of the OpenSSL cms command.

    Microsoft Outlook Example

    If you use encryption, the recipient must import their own certificate together with its private key (typically a PKCS#12 .pfx/.p12 file) into the mail client; without the private key the message cannot be decrypted. In Outlook this is under File > Options > Trust Center > Trust Center Settings > Email Security > Digital IDs (Certificates) > Import/Export... Likewise, for a signature to be shown as valid the recipient's client must trust the signer's certificate, either because a trusted CA issued it or because the recipient imported it explicitly.