Providing your Cryptographic Keys


FormsAssurity uses public key technology in order ensure true end-to-end control of the information sent to the forms user and received back from them. FormsAssurity encrypts the information entered into the forms generated using the public keys you attach to a form when you create it.

So before you start using FormsAssurity you will need to have available as many key pairs as are needed for your operational purposes (apart from the public key/certificate for your application you may want to use an information recovery key so that information can be recovered or audited independently, and you may need to pass the information securely into different systems that should not share cryptographic keys for security reasons).

If you are using FormsAssurity internally for digitally signing web form content then each of your users will either need to generate or be provided with a key pair/certificate so that they can digitally sign secure forms.  This is just the same with external systems where you require users to digitally sign your secure web forms.

Key can be generated in any OpenPGP compliant application – e.g. ArticSoft FileAssurity OpenPGP free reader software, FileAssurity OpenPGP, PGP, GnuPGP, etc., or alternatively you can use ones purchased from a certificate authority, such as your web server public key certificate, as X.509 compliant keys are also supported.