[SeanF]

Hi:

I have a business management system which is written in PHP/MySQL and includes various functions such as CRM, Business Development, Sales Management. etc. My customers (SAAS) use it to manage their businesses and THEIR customers can login to access important documents, purchase products and services, etc.

I would like to add electronic signatures as a feature so my customers can have their customers digitally sign agreements. Currently, there is a simple "Type your name here and check the box indicating you agree to the terms of this [document] ". Technically, that is not a digital signature and I am sure it could be challenged in court. For more robust purposes, the system has the ability to download, scan and upload actual paper signatures.

What's the best way to include a verifiable digital signature. I'd like not to go down the road of Docusign (or similar) because I think it will get pretty pricy, given the number of users.

Does anyone have any experience developing simple electronic signatures? Is it something I can program myself and have it legally binding?

Thanks

[requinix]

Digital signatures are not literally signatures in a digital form. They're part of a cryptographic system.

You may not need full cryptography - if you're worried about courts then consult a lawyer, of course, but it's likely sufficient to simply prove that a particular user agreed to the terms. Which your application should already be able to do by virtue of existing.

[SeanF]

OK, thanks for the reply... I will start by investigating "cryptographic systems".

Originally Posted by requinix

Digital signatures are not literally signatures in a digital form. They're part of a cryptographic system.

You may not need full cryptography - if you're worried about courts then consult a lawyer, of course, but it's likely sufficient to simply prove that a particular user agreed to the terms. Which your application should already be able to do by virtue of existing.

[requinix]

Might I suggest Wikipedia?

[kicken]

If I remember right, when I did my taxes turbo tax's e-signature setup was basically just a place to type my name and current date, nothing real fancy. Most places where I've had to e-sign something has been a similar process. I have no idea what exactly the rules are for such a system though, that's where you'd have to ask a lawyer.

If the users have an account there, you could perhaps require them to re-enter their password at the same time in order to sign something as an attempt to verify that it is indeed them submitting the signature.

If you want to use cryptographic digital signatures then your users would have to obtain and keep a digital certificate to use for the signing process. I wouldn't trust your average Joe to do such a thing since most people can barely keep their passwords and photos.