2. Using the inoQulate Solution#

2.1. TL;DR#

The inoQulate solution operates on the Azure File Share tied to the storage account of Kind StorageV2 and Resource Group mc_mrg-xxx_inoqulate_<location>.

Drop the PDFs to inoQulate in the data/toInoQulate folder of the Azure File Share. Retrieve the inoQulated PDFs from data/inoQulated.

Use the inoQulate PDF Verifier application to verify that your PDF documents are protected.

2.2. Working Directory#

Before using the solution, ensure the solution has been set up, and a test run of the service has been completed.

The inoQulate solution works with the data folder of an Azure File Share.

The directory structure of data containing some sample files is as follows:

data
├── done
│   └── sample.pdf
├── error
├── inoQulated
│   └── sample.pdf
├── report
│   └── 2023-07-11T05.12.03+0000.txt
└── toInoQulate
  • The inoQulated folder contains the inoQulated copies of the original files.

  • The original pre-inoQulation copy of the files are moved to done on successful completion.

  • The error folder contains files that failed to be inoQulated. Investigate the container logs for the reason for failure.

  • The report folder contains a summary for every job run of the service. Each summary details a list of files that were detected, successfully inoQulated, and failed inoQulation.

  • For the toInoQulate folder,

    • All PDF files in this folder will be picked up for inoQulation.

    • Files not of PDF format will be moved to error.

    • Files not of PDF format and starts with a period . will be ignored.

2.3. Scheduled Runs#

The inoQulate solution works by polling PDF files from the data\toInoQulate folder periodically. Hence, you should copy all PDF files you want to inoQulate into the data\toInoQulate folder of this Azure File Share.

Kubernetes CronJobs run jobs according to the run schedule configured at Kubernetes Cluster.

2.4. Create a Pipeline for your documents#

You need to drop your documents to inoQulate into the given Azure File Share.

For testing purposes, you can consider manually uploading documents into the folder directly. You can use the command kubectl create job <jobname> --from=cronjob/servicerunner to manually trigger a run.

A more permanent solution depends on how your documents can be accessed in your company’s document store. Examples include:

  • Using Azure Data Factory to move files

  • Running a script from the document host system to upload files into the File Share

  • Mounting the File Share in an ephemeral system that downloads files from your document store

You are advised not to rely on the administrator VM to copy your documents to the File Share as a permanent solution. Keeping the VM running incurs significant costs.

2.5. Verifying the inoQulation#

The recommended way to check that your document is inoQulated is done in two steps:

  1. Open it in Adobe Acrobat Reader. The signature(s) of the document should be reported as valid.

  2. Verify it with the provided inoQulate PDF Verifier application. The document should be reported as verified.

2.5.1. Adobe Acrobat Reader#

Note that you have to trust the Certificate Authority (CA) for every machine that you want to open and verify the signature of the document in.

  1. Open the inoQulated document in Adobe Acrobat Reader.

  2. Click the Signature Panel button.

  3. Expand the signature tied to the inoQulate service, usually Rev. 1. Expand Signature Details and click Certificate Details.

  4. In the left panel of the Certificate Viewer, click the CA that you created.

  5. Click the Trust tab.

  6. Click Add to Trusted Certificates….

  7. Click Ok three times.

  8. Right-click the signature and click Validate Signature. Click Cancel if the ManagementCA prompts pop up.

  9. The panel should read Signed and all signatures are valid.

2.5.2. inoQulate PDF Verifier#

When you set up the inoQulate solution, the inoQulate PDF Verifier application is provided. See the Install the inoQulate PDF Verifier step on how to install the application.

  1. Double-click the inoQulate PDF Verifier application on your desktop.

  2. If directories are different from the installation and setup, edit the fields as necessary.

    • The Proofs Directory is where the Signature Pre-Image Proofs are stored.

    • The PDF Path/Directory is where the PDF documents you want to verify are stored. This field accepts both the path to an individual file, or a directory of PDF documents, in which all PDF documents will be verified.

    • The Report Directory is where the generated verification report will be stored. It summarises the documents that were verified inoQulated or otherwise.

  3. Click Verify.

  4. The results of the verification are displayed in the application, and a report is generated and saved to the Report Directory.

  5. Ensure that the documents are successfully verified in the results displayed in the application, and in the generated report.

2.6. Accessing the Administrator pages#

The solution setup recommends that the Virtual Machines be stopped when the admin is not using them.

See How do I start my Administration Virtual Machine?.