Form Locking

TransForm Designer allows form designers to securely lock forms and automatically verify the authenticity of received forms by using banking-strength encryption.  The Lock feature of TransForm Designer prevents unauthorized people from modifying the design of a form (the form layout) - even with another copy of TransForm Designer.  

In addition, a form must be locked in order to enable encryption and/or signing of form data by users.  Locking is a two-phase process.  In the first phase the form author specifies the cryptographic algorithms that will be used with the form.  These preferences determine which encryption method will be used to protect the layout and user data, and whether the form layout is to be signed with the author's personal certificate.  The second phase is the actual locking of the form and happens when the form is saved to disk from within TransForm Designer: the fixed elements of the form (layout, lock preferences, etc.) are hashed, forming the layout hash.  This hash is then optionally signed and finally encrypted using the specified method.

In summary, before a form is published it should always be locked because it:

  1. Prevents unauthorized people from further editing the form layout.

  2. Allows Filler to determine if a form has been tampered with.

  3. Enables encryption and signatures (which are not available otherwise).

  4. Can allow Filler users to verify who authored the form (when the layout is signed with the author's certificate).

You can lock a form using TransForm's built-in encryption, or use a digital certificate provided by a certificate authority.  

Locking With TransForm Encryption

The TransForm Encryption method can be used to encrypt any Field Sets and attachments.  Also, the layout hash is mixed with the hash of the author's form password (also referred to as the 'lock' password or master password), rehashed, and encrypted with TransForm Encryption.  Because the author's form lock password is the only one that can decrypt this, the form is protected from editing.  If someone duplicates the form, the original author can detect this by attempting to open the copy with his or her form lock password in TransForm Designer.  If the original form author cannot open the form with his or her form lock password, then he or she is not the author of that copy, and form counterfeiting or 'spoofing' can be proven beyond a reasonable doubt.  Other cases of tampering can also be detected by TransForm Filler by recalculating the layout hash and comparing it with the stored one.
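
The following is a compact model of the two-phase lock described above and of the two checks in this section (Filler recomputing the layout hash, and the author re-opening the form with the lock password).  It is added here as an illustration and is not TransForm's own code: the function names, the canonical-JSON serialisation of the fixed elements, PBKDF2 for the password hash, and the HMAC standing in for the unspecified "TransForm Encryption" step are all assumptions.

```python
# Illustrative model of the lock/verify flow, not TransForm's real format or algorithms.
# Assumptions: fixed elements are a dict serialised as canonical JSON; the unspecified
# "TransForm Encryption" of the mixed hash is stood in for by an HMAC keyed from the
# PBKDF2-stretched lock password.
import copy
import hashlib
import hmac
import json
import secrets

def layout_hash(fixed_elements: dict) -> bytes:
    """Hash of the fixed elements (layout, lock preferences) in canonical form."""
    canonical = json.dumps(fixed_elements, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).digest()

def _password_hash(lock_password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", lock_password.encode(), salt, 100_000)

def lock_form(fixed_elements: dict, lock_password: str) -> dict:
    """Phase 2 of locking: hash the layout, mix it with the password hash, rehash,
    and bind the result to the password-derived key. Salt is stored; password is not."""
    salt = secrets.token_bytes(16)
    lh = layout_hash(fixed_elements)
    pw_hash = _password_hash(lock_password, salt)
    mixed = hashlib.sha256(lh + pw_hash).digest()      # "rehashed"
    tag = hmac.new(pw_hash, mixed, "sha256").digest()  # stands in for encryption
    return {"layout": copy.deepcopy(fixed_elements), "layout_hash": lh.hex(),
            "salt": salt.hex(), "lock_tag": tag.hex()}

def filler_check(form: dict) -> bool:
    """Filler's check: recompute the layout hash and compare with the stored one."""
    return hmac.compare_digest(layout_hash(form["layout"]).hex(), form["layout_hash"])

def author_check(form: dict, lock_password: str) -> bool:
    """Designer's check: only the author's lock password reproduces the lock tag over
    the current layout, so a re-hashed ("spoofed") copy fails here even if Filler passes it."""
    pw_hash = _password_hash(lock_password, bytes.fromhex(form["salt"]))
    mixed = hashlib.sha256(layout_hash(form["layout"]) + pw_hash).digest()
    expected = hmac.new(pw_hash, mixed, "sha256").hexdigest()
    return hmac.compare_digest(expected, form["lock_tag"])

# Constructed sample form with lock preferences (not a real TransForm file)
SAMPLE_FORM = {"fields": [{"name": "account", "type": "text"}],
               "lock_prefs": {"method": "TransForm Encryption", "sign": False}}

if __name__ == "__main__":
    locked = lock_form(SAMPLE_FORM, "correct horse")
    locked["layout"]["fields"].append({"name": "injected", "type": "text"})
    print(filler_check(locked), author_check(locked, "correct horse"))  # False False
```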

The form author's password is used by the Diffie-Hellman key exchange to generate the public value that is embedded in the form and covered by the layout hash.  This public value participates in all encryption actions performed by the users, allowing the form author to decrypt the form without knowing the users' password(s).

Locking With Digital Certificates

When the form author chooses to use a digital certificate for form locking, the key pair associated with the certificate governs the encryption of the layout hash, Field Sets, and attachments.  The layout hash is encrypted with the designer's public key, making it possible for the designer to edit the form and/or unlock it later by supplying the private key.

To avoid a situation where the private key is damaged or lost and the form would otherwise be rendered unusable, the author is asked to provide a supplemental, or 'backup', password.  This backup password does not participate in user data encryption.  It is required only when the private key is not present on the system and an authorized individual (likely not the original form author) needs to open the form.  The backup password can only be used with Designer.  If the backup password is used to open a locked form, the locking preferences are destroyed, the form is unlocked, and the author is warned to re-lock the form.

As with TransForm Encryption, the author's certificate is embedded in the form and participates in all encryption actions concerning user data (Field Sets and attachments), so the form designer is able to decrypt the form without the users having to explicitly designate him or her as a "recipient."