Digital Signature
General information
Forum: Visual FoxPro
Category: ActiveX controls in VFP
Miscellaneous
Thread ID: 00690827
Message ID: 00726691
Views: 17
Ken:

I noticed that you wrote about HIPAA certification in a prior e-mail, as well as electronic signatures.

I have a medical system (EAP, Employee Assistance Program) that needs electronic signatures, and I'm having problems absorbing some concepts (somewhat like when OOP first appeared).

Currently, I am loading the data (such as clinician notes and dates) that must be certified as not changing... into a variable, and hashing it using an .FLL called foxcrypto which uses the MD5 hashing algorithm. I believe that I am also supposed to include data that identifies the user and maybe the date it was signed.

I see that CAPICOM may be the answer. I've been able to encrypt data with CAPICOM by using the EncryptedData object. I can run the MD5 & CAPICOM EncryptedData algorithm in reverse, compare the data against the original and determine if the data is changed, but I'm lost when it comes to public and private keys, and the role certificates play.

It appears that a "private key" needs to be used somewhere in the encryption process, and that someone with a "public key" can verify that the data has not changed. Plus, it seems that there are certificates that supply these keys (???) on each machine, but how is a quandary for me.

Can you help??

Bob


SAMPLE CAPICOM code:
Function CapicomEncrypt
    Lparameters pcString, pcSecret, pnAlgorithm && pcString to be encrypted
    *Notes on using capicom
    * to get capicom active.x
    *
    *
    * Look here for data types, constants and error codes
    *

    *For More Information -
    * Version - 2.0
    *
    * Declare working variables LOCAL so they do not leak into the caller's scope
    LOCAL oCapicom, loCapicom, loNetwork, lcHostname, lcEncText
    IF !TYPE("pcString") = "C" OR EMPTY(pcString)
        MESSAGEBOX("I cannot work with an empty string")
        RETURN .F.
    ENDIF
    IF VARTYPE(oCapicom)#'O' &&ISNULL(oCapicom)
        loCapicom = Createobject("CAPICOM.EncryptedData") &&capicom object
        If !Vartype(loCapicom) = "O"
            MESSAGEBOX("I am not able to load the capicom.dll from Microsoft")
            Return .F.
        ENDIF
        oCapicom = loCapicom && object reference to Microsoft capicom.dll version 2
    ENDIF
    IF !TYPE("pnAlgorithm") = "N"
        * Values accepted by the Algorithm property (CAPICOM_ENCRYPTION_ALGORITHM).
        * The key-length values 0-5 (maximum, 40, 56, 128, 192 and 256 bits)
        * belong to the separate KeyLength property, not to Algorithm.
        *pnAlgorithm = 0 && RC2
        *pnAlgorithm = 1 && RC4
        *pnAlgorithm = 2 && DES
        pnAlgorithm = 3 && 3-DES
        *pnAlgorithm = 4 && AES
    ENDIF
    *
    IF !TYPE("pcSecret") = "C" OR EMPTY(pcSecret)
        loNetwork = Createobject("WScript.Network")
        lcHostname = loNetwork.ComputerName
        pcSecret = lcHostname && create a simple dummy key for testing on this computer
    ENDIF
    *
    **-- encrypteddata object
    **--setsecret=session key
    **-- A randomly-generated key that is used one time, then discarded.
    **-- Session keys are symmetric (used for both encryption and decryption).
    **-- They are sent with the message, protected by encryption with a public
    **-- key from the intended recipient. A session key consists of a random
    **-- number of approximately 40 to 2000 bits. Session keys can be derived
    **-- from hash values by calling the CryptDeriveKey function.
    oCapicom.SetSecret(pcSecret) && load the key
    oCapicom.Algorithm = pnAlgorithm
    oCapicom.Content = pcString && this is the string to be encrypted
    *
    lcEncText = oCapicom.Encrypt() && get the encrypted string 116 characters long
    Return lcEncText
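The private-key/public-key step asked about above, shown as an added example that is not part of the original post: the signer's certificate private key signs the record, and anyone holding the certificate (public key) can check that the record is unchanged. It assumes CAPICOM 2.0 is registered, VFP 8 or later (for TRY/CATCH), and a certificate with a private key in the current user's "MY" store; the record text and the function names SignRecord and VerifyRecord are constructed for illustration.

```foxpro
* Added example: detached signature over a record using CAPICOM.SignedData.
* Record contents below are constructed sample data.
#DEFINE CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME 0
#DEFINE CAPICOM_VERIFY_SIGNATURE_ONLY 0
#DEFINE CAPICOM_ENCODE_BASE64 0

LOCAL lcRecord, lcSignature
lcRecord = "note=Session 3 completed|clinician=jdoe|noted=2002-11-26"
lcSignature = SignRecord(lcRecord)                   && store next to the record
? VerifyRecord(lcRecord, lcSignature)                && signer's subject name
? VerifyRecord(lcRecord + " (edited)", lcSignature)  && empty: record was changed

FUNCTION SignRecord
    LPARAMETERS tcContent
    LOCAL loSigned, loSigner, loTime
    loSigned = CREATEOBJECT("CAPICOM.SignedData")
    * No certificate assigned: CAPICOM selects one from the user's MY store
    * (and prompts if several have a private key).
    loSigner = CREATEOBJECT("CAPICOM.Signer")
    * The signing time is an authenticated attribute, so it is covered
    * by the signature together with the content.
    loTime = CREATEOBJECT("CAPICOM.Attribute")
    loTime.Name = CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME
    loTime.Value = DATETIME()
    loSigner.AuthenticatedAttributes.Add(loTime)
    loSigned.Content = tcContent
    * Second argument .T. = detached: the result holds the signature and
    * the signer's certificate, not a copy of the content.
    RETURN loSigned.Sign(loSigner, .T., CAPICOM_ENCODE_BASE64)
ENDFUNC

FUNCTION VerifyRecord
    LPARAMETERS tcContent, tcSignature
    LOCAL loSigned, lcSigner
    lcSigner = ""
    loSigned = CREATEOBJECT("CAPICOM.SignedData")
    loSigned.Content = tcContent   && a detached signature needs the original content
    TRY
        * Verify raises a COM error when content and signature do not match
        loSigned.Verify(tcSignature, .T., CAPICOM_VERIFY_SIGNATURE_ONLY)
        lcSigner = loSigned.Signers.Item(1).Certificate.SubjectName
    CATCH
        lcSigner = ""
    ENDTRY
    RETURN lcSigner
ENDFUNC
```

CAPICOM_VERIFY_SIGNATURE_ONLY checks integrity only; passing 1 (CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE) also validates the signer's certificate chain, which is what ties the signature to a trusted identity.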