Feature request: Add hash to frontmatter #7
Comments
Interesting. Mind me asking why you want this feature? For commonform.org, it's to make sure I don't accidentally alter the encoded substance of a form in a subsequent commit, say by making markup changes. But commonform.org is weird, in that it's essentially append only. When I track an actual form project in Git, the point is usually tracking changes to the form over time.
Thanks Kevin, did a bit more research to check my understanding as I am not an expert on digital cryptography. My main use case is to be able to digitally sign a PDF w/ a FOSS program (i.e. not using Adobe, etc.). Right now my workflow is to create a common form, convert it to a PDF, and send a digitally signed version (using Adobe or Zoho) to a client. After thinking about it a bit more, I believe my use case is outside the scope of the common form program as it's really a PDF issue. However, my plan was to create a detached signature using the common form digest and include the signature and PDF, with the visible digest, in emails to client. I don't think that would work b/c the digest is computed from the common form markdown and not the PDF, so a third party would still be unable to verify PDF contents. Though welcome any suggestions if you have them?
So there's the technical part of this, and then there's the practical, get-things-done part of this. Practical first!

You have to think about what the other side will do and accept. They may really need something like DocuSign or HelloSign. Or they may be OK with a written signature superimposed on a PDF, or a signed PDF using Acrobat's offline signature feature. They may be OK with just pasting the contents of the complete agreement into an e-mail and having each side's designated signatory reply with "I agree." Start from there.

And keep in mind that "signature" in a technology or software sense and "signature" in a legal sense are not necessarily the same. Many things that aren't "signatures" in the technical sense work plenty well as "signatures" in the legal sense, sufficient for enforcing contracts. Some cryptographic "signatures" are plenty good evidence of agreement, but won't be accepted by counterparties or their lawyers, since they don't know how they work, how to verify them, or how to prove them in court.

On the technical side, if you want to do your legal signing with cryptographic signatures, you need to make sure that you sign all the relevant data that go into determining the exact terms of the agreement. Common Form has a tool to hash the contents of the form. You can sign that hash, but you still need to save the actual content, since you can't compute the terms from the hash alone. But you'll also want to sign any fill-in-the-blank values. Those definitely function as inputs to the final terms, but aren't hashed by Common Form.
I'd like to add this feature to the commonform-build-example.
commonform.org forms support reading a hash from `frontMatter.digest` and throwing an error if it does not match the hash rendered from the form. The commonform-build-example does not currently support this functionality.
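
The digest check requested in this issue, combined with the advice in the thread to sign the fill-in-the-blank values along with the hash, as an added Node.js example that is not code from commonform.org or commonform-build-example. The `---` front matter layout, the SHA-256-of-body stand-in for Common Form's hash, the function names and the sample form are all assumptions.

```javascript
// Added example: names and the hashing stand-in are assumptions, not Common Form's code.
const crypto = require('node:crypto');

// Stand-in digest: SHA-256 of the form body text. Common Form's own tool
// hashes the form's content in its own way; swap that in for real use.
function digestOf(body) {
  return crypto.createHash('sha256').update(body, 'utf8').digest('hex');
}

// Split a document into front matter fields and body (simple key: value lines only).
function parseDocument(text) {
  const match = /^---\n([\s\S]*?)\n---\n([\s\S]*)$/.exec(text);
  if (!match) return { frontMatter: {}, body: text };
  const frontMatter = {};
  for (const line of match[1].split('\n')) {
    const i = line.indexOf(':');
    if (i > 0) frontMatter[line.slice(0, i).trim()] = line.slice(i + 1).trim();
  }
  return { frontMatter, body: match[2] };
}

// Throw if a recorded digest no longer matches the body.
function checkDigest(text) {
  const { frontMatter, body } = parseDocument(text);
  const actual = digestOf(body);
  if (frontMatter.digest && frontMatter.digest !== actual) {
    throw new Error(`digest mismatch: front matter ${frontMatter.digest}, computed ${actual}`);
  }
  return actual;
}

// Bytes to sign: the form digest plus every blank value, keys sorted so that
// both sides serialize identically.
function signingPayload(digest, blanks) {
  const sorted = Object.keys(blanks).sort().map((k) => [k, blanks[k]]);
  return Buffer.from(JSON.stringify({ digest, blanks: sorted }), 'utf8');
}

// Constructed sample data.
const body = 'The Buyer shall pay the Seller [Price] within [Days] days.\n';
const doc = `---\ndigest: ${digestOf(body)}\n---\n${body}`;
const blanks = { Price: '$1,000', Days: '30' };

const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const signature = crypto.sign(null, signingPayload(checkDigest(doc), blanks), privateKey);

function verifies(text, values) {
  return crypto.verify(null, signingPayload(checkDigest(text), values), publicKey, signature);
}
```

A verifier still needs the saved form text and blank values to recompute the payload; the signature only proves they are the ones that were signed.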