locked
Digital Signing solution for docs... RRS feed

  • Question

  • Hi all;

    If I want to force users to digitally sign their documents (Microsoft Office documents / PDFs / ...) for non-repudiation purposes, which solution I should follow?

    Thanks


    Please VOTE as HELPFUL if the post helps you and remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Sunday, September 20, 2015 3:56 AM

Answers

  • RMS can not implement non-repudiation as it doesn't have the ability to store user identities with two-factor access. So RMS will offer digital signing, but will not likely pass a non-repudiation test.

    Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years. Connect with Mark at http://www.pkisolutions.com

    • Proposed as answer by Amy Wang_ Sunday, October 11, 2015 1:10 PM
    • Marked as answer by R.Alikhani Monday, October 12, 2015 3:09 AM
    Saturday, October 10, 2015 9:42 AM

All replies

  • 1. This is procedure on the Office side. I do not understand why you place problem into Server forum (Yes, unless you are using RDS.)

    2. Follow this article

    https://support.office.com/en-NZ/article/Add-or-remove-a-digital-signature-in-Office-files-70d26dc9-be10-46f1-8efa-719c8b3f1a2d

    3. There are third pty solutions, google Internet a bit and find what is best for you.

    Regards

    Milos

    Sunday, September 20, 2015 4:03 AM
  • Thanks for your reply;

    As I said before, I want a solution for digital signing not only for office docs but pdf docs, too. So it is not just an office solution...

    Does AD RMS help this scenario?

    Thanks


    Please VOTE as HELPFUL if the post helps you and remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Sunday, September 20, 2015 4:16 AM
    • Proposed as answer by Amy Wang_ Monday, October 5, 2015 10:40 AM
    • Unproposed as answer by R.Alikhani Tuesday, October 6, 2015 2:40 AM
    Sunday, September 20, 2015 6:46 AM
  • Hi,

    If I want to force users to digitally sign their documents (Microsoft Office documents / PDFs / ...) for non-repudiation purposes, which solution I should follow

    Does AD RMS help this scenario?

    As far as I know, AD RMS can digitally sign Office documents and PDF files.

    If there are any further queries regarding AD RMS, please refer to this dedicated AD RMS forum below:

    https://social.technet.microsoft.com/Forums/en-US/home?forum=rms

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, October 7, 2015 4:20 AM
  • If you want true non-repudiation, then you will need a robust and secure PKI and users will need Smartcards and appropriate enrollment controls. Without the proper controls and verifications of identities and keys, then there is little chance your environment would be able to legally assert non-repudiation.

    Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years. Connect with Mark at http://www.pkisolutions.com

    • Proposed as answer by Amy Wang_ Friday, October 9, 2015 1:04 AM
    • Unproposed as answer by R.Alikhani Saturday, October 10, 2015 2:29 AM
    Thursday, October 8, 2015 12:40 AM
  • Adding to Mark's excellent reply, this also means upping the security of the CAs.

    - Do you have an actual offline root CA

    - Are all CAs protected by HSMs

    - Is the smart card management systems registration authority certificates proteted with an HSM

    Brian

    Thursday, October 8, 2015 1:16 AM
  • Thanks for your reply;

    Suppose I have prepared the prerequisites, now my question is, does AD RMS can help in this scenario?

    Thanks


    Please VOTE as HELPFUL if the post helps you and remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Saturday, October 10, 2015 2:39 AM
  • RMS can not implement non-repudiation as it doesn't have the ability to store user identities with two-factor access. So RMS will offer digital signing, but will not likely pass a non-repudiation test.

    Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years. Connect with Mark at http://www.pkisolutions.com

    • Proposed as answer by Amy Wang_ Sunday, October 11, 2015 1:10 PM
    • Marked as answer by R.Alikhani Monday, October 12, 2015 3:09 AM
    Saturday, October 10, 2015 9:42 AM