Testing a Secure Form


It is impossible to emphasize enough how important it is to test that the form you have designed is going to perform in the way that you expect before you commit to licensing a Secure Form.

In order to support you fully, ArticSoft FormsAssurity provides two levels of testing that you should use prior to generating a final applet for a production system.


Preview testing

This level of testing shows you what a form will look like when it loads onto a forms user’s screen.  You see the form in your browser just as the forms user will see it in their browser.

Please remember that all browsers respond slightly differently to the commands that they are given, and, as a result, a form may be displayed differently by different browsers, even though the encrypted information that you receive is identical.  ArticSoft do not provide methods for testing output on multiple browser formats and recommend that you use a suitable commercially available product for that purpose.

In the preview test you are able to check that multiple choice and other entry boxes display correctly and that choices and selections work, and that labels and appropriate input boxes are correctly aligned.

You are able to enter information into the boxes, and, using the submit button, have the information that you have entered encrypted with the key that you have specified, and Emailed to your specified Email address.  (You must use this option at this stage of testing because it is not possible to provide a web link in the Preview test.)

When the form contents you are testing are returned to you by Email you will find an attachment that has a file label of FormData.txt.asc.  This file is the information that has been encrypted from the form.  To decrypt it you will need to use any OpenPGP compliant product which has been loaded with the private key matching the public key/certificate you associated with this form.  (If you entered more than one public key/certificate, then any corresponding private key will be able to decrypt the information.)

The information in the decrypted form is in the same form as you will later receive either as an encrypted form or as an encrypted web transfer, depending upon how you choose to implement your services.

You should use preview testing until you are confident that the information fields on the screen operate as you expect, and that the output you receive is in the layout that you will subsequently process when the system goes live.

Please remember that this level of testing will not allow you to check that information coming from other forms through JavaScript-handled processes is being received correctly.  This is because at this stage you are not carrying out full integration testing, but checking the basic functional operation of the forms design.


[Figure: an example completed form]

[Figure: the same form as it looks in Preview mode]

Trial testing

Trial testing provides a further layer of testing to exercise the form fully before going into production.  Trial testing allows you to carry out integration testing into your eCommerce or manual processing system so that you can be fully confident over the behaviour of the system when it goes live.

Trial testing is carried out using the trial button of the ‘generate applet’ function.

This generates an applet that performs in exactly the same manner as a live form, except that the encryption key pair is forced to be the default key pair for all testing, and the secure form generated has a valid life of 15 calendar days from the time of generation.

However, in this testing mode, you are able to carry out all the integration work you need, checking that the other web pages, and any data that they are expecting to provide to the forms page or receive from it, are performing correctly.

Generated Trial applets allow you to edit them in order to provide external data fields that may be necessary to your business process - it may be necessary to pass a session identifier or a customer reference number or a shopping cart identifier from one page to another.  These tests can be carried out by your own department using the secure form as it will behave in production, except that it will not use the encryption keys that will be implemented in the final, licensed, production version.

If you have not purchased the ArticSoft server script service for online processing of secure forms being returned over the web you will need to carry out Trial testing using the manual Email service, or develop your own means of processing OpenPGP encrypted forms and attachments so that you can handle the information being returned.  

When testing in Trial mode you can continue to generate applets that have a limited life, so there is never any need to purchase a forms license until you are ready to go into production.  Please recall that test forms are clearly identified as such to users and the life of any generated test form is 15 calendar days, so if you are going to carry out extended systems testing you need to check that you do not run out of time on a particular form whilst testing.

Please also remember that when you go into production with a secure form the validity date(s) of the public keys/certificates cannot be altered.  If you anticipate that a form will be in use for the next two years make sure that the public keys/certificates also have a valid life of at least two years.  Once you have gone into production it is not possible to change the public key/certificate(s) declared during the binding process.
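
The validity check described above can be scripted before binding. The following is an added example, not ArticSoft code: it reads the colon-delimited listing produced by GnuPG (`gpg --list-keys --with-colons`) and reports every encryption-capable key that is revoked, already expired, or expires before the date the form is needed until. The key IDs and dates in the sample listing are constructed, and expiry values are assumed to be in seconds since the epoch.

```python
from datetime import datetime, timezone

# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
# Field 2 = validity, 5 = key ID, 7 = expiry, 12 = capabilities.
SAMPLE_LISTING = """\
pub:u:3072:1:AAAAAAAAAAAAAAAA:1700000000:::u:::scESC:
sub:u:3072:1:BBBBBBBBBBBBBBBB:1700000000:1731536000:::::e:
pub:u:3072:1:CCCCCCCCCCCCCCCC:1700000000:::u:::scESC:
sub:u:3072:1:DDDDDDDDDDDDDDDD:1700000000::::::e:
pub:u:3072:1:EEEEEEEEEEEEEEEE:1700000000:::u:::scESC:
sub:u:3072:1:FFFFFFFFFFFFFFFF:1700000000:1794608000:::::e:
"""

UNUSABLE = {"r": "revoked", "e": "expired", "d": "disabled", "i": "invalid"}


def keys_unfit_for_form(listing, needed_until):
    """Return [(key_id, reason)] for encryption keys that will not last.

    needed_until is a timezone-aware datetime: the last day the production
    form is expected to be in use.
    """
    unfit = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 12:
            continue
        if "e" not in f[11]:          # lowercase 'e': this key itself encrypts
            continue
        if f[1] in UNUSABLE:          # already unusable, whatever the date
            unfit.append((f[4], UNUSABLE[f[1]]))
            continue
        if not f[6]:                  # empty expiry field: key never expires
            continue
        expiry = datetime.fromtimestamp(int(f[6]), tz=timezone.utc)
        if expiry < needed_until:
            unfit.append((f[4], "expires " + expiry.date().isoformat()))
    return unfit


if __name__ == "__main__":
    # Form expected to stay in production until the start of 2026.
    deadline = datetime(2026, 1, 1, tzinfo=timezone.utc)
    for key_id, reason in keys_unfit_for_form(SAMPLE_LISTING, deadline):
        print(key_id, reason)
```

An empty result means every encryption key in the listing outlives the form; any key reported should be extended or replaced before the form is bound, since the page notes it cannot be changed afterwards.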