Mirto Silvio Busico a écrit : > He all, > I've seen in the roadmap that the feature "Digital signature of > documents and workflow actions" is scheduled for Nuxeo Ep 6.0. > > Is this feature suitable to create a document vault where document are > signed and you can legally assert that they are original and not modified?
What you can do is add a new schema to your document types to store document signatures as blobs in a new field (similar to the "content" field of the current "file" schema). The real problem is: where do you hold the private key(s)? On the server side or on the client side? Who is responsible to sign the document? The user with a cryptographic feature of the browser, or the nuxeo application on the server? You might also want to keep the private key(s) on a cryptographic token to ensure no one can steal it. In that case you either need make nuxeo pkcs aware (not a big deal) or ensure your users are able to use the key management features of their browser and probably need a helper extension to make it more user friendly to sign documents transparently at upload time. -- Olivier _______________________________________________ ECM mailing list [email protected] http://lists.nuxeo.com/mailman/listinfo/ecm
