#1
Electronic signatures in web form
A client of mine wants to incorporate an electronic signature in a web form. Can anyone suggest a good product to do this? He's looking for a relatively cheap solution.
From my point of view, something that works well with PHP would be better. Thanks.
#2
Quote:
What exactly is he hoping to achieve with this? You need to provide much more detail on the problem before we can help you with a solution.
__________________
Alex (http://www.alex-greg.com)
#3
I have the same question!
I want to incorporate an electronic signature in a web page so that others cannot change or copy it or falsify it.
#4
What, exactly, are you trying to protect yourself from? Unless you have an infrastructure in place to provide your clients with incorruptible signatures for your document, all you have done is add another (small) bump in the road for any hacker to corrupt your system. If you have paranoid clients that will verify the signatures that come with your documents then there is a reasonable chance that they will retain the most current (and valid) version of whatever key you use to verify the authenticity of your documents, but if you are expecting random visitors to your site to take the time to download, install and execute software (how can they trust the software?) to verify the signatures on the documents, you are asking a very large amount, probably too much.
If a hacker gains access to your site, he/she has the ability to modify the signatures to match whatever changes are made to the document.
__________________
Left DevShed May 28, 2005. Reason: Unresponsive administrators.
Free code: http://sol-biotech.com/code/.
Secure Programming: http://sol-biotech.com/code/SecProgFAQ.html.
Performance Programming: http://sol-biotech.com/code/PerformanceProgramming.html.
It is not that old programmers are any smarter or code better, it is just that they have made the same stupid mistake so many times that it is second nature to fix it. --Me, I just made it up
The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable man. --George Bernard Shaw
#5
Now, if I adopt the electronic signature, how do I make a signature on web pages or encrypt the data of web pages so that others can't change them? In this environment, I must assure that the author of this data is me. Readers can also believe that the author of this data is me. Can you give me some suggestions or offer some methods? Thank you very much!
#6
You must be able to ensure the security of your web server. I talk a bit about it on this thread: http://forums.devshed.com/t148569/s.html, but if you are just serving static pages a lot of my comments are meaningless. Even if you are able to totally secure your web server, it is still possible for people to be directed to another server altogether (by fooling DNS) or by spoofing your web site. Unless you are going to exclusively serve your data via HTTPS and require authentication, there is very little you can do to protect yourself from such activities. The question you have to ask is 'is your data that important?'. If you feel it is, then you need to get an SSL certificate, install it on your server, and ensure that your content is only served via the secured pages. Then you need to hope that the people accessing your site will actually care to check that the site has a valid certificate (are you even sure they will check your digital signature?). To get a really good idea that your content is served tamper-free, you will need the user to supply some token (such as a user name/password) that some other spoofing site would have to capture somehow (which is possible, btw). Of course, somehow you need to get the token to the user so they can access your site. Keep in mind that all of this can be duplicated to the point where the user can't distinguish the switch!
#7
Actually what I would do is install an IDS sensor such as SNORT that will validate the authenticity of the files and send an alarm when they are modified. That way you will know if your files on the web server have been compromised. The use of SSL and certificates is also a good idea.
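
An added example, not written by any poster in this thread: a file-integrity check of the kind post #7 describes, with the baseline authenticated by a key kept off the web server, so that an intruder who edits a page (the concern in post #4) cannot also fix up the stored hashes unnoticed. HMAC-SHA256 stands in here for a public-key signature; the function names, key and sample page are constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile

def build_manifest(root):
    """Return a canonical JSON manifest (bytes) of SHA-256 digests under root."""
    digests = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return json.dumps(digests, sort_keys=True).encode()

def sign(body, key):
    """Authenticate the manifest with a key that never lives on the web server."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def verify(root, body, tag, key):
    """Return a list of findings; an empty list means the tree matches the baseline."""
    if not hmac.compare_digest(sign(body, key), tag):
        return ["manifest tag invalid: baseline itself was altered"]
    baseline, current = json.loads(body), json.loads(build_manifest(root))
    findings = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in current:
            findings.append(f"missing: {rel}")
        elif rel not in baseline:
            findings.append(f"unexpected: {rel}")
        elif baseline[rel] != current[rel]:
            findings.append(f"modified: {rel}")
    return findings

def demo():
    key = b"constructed-demo-key"  # assumption: stored on the monitoring host only
    with tempfile.TemporaryDirectory() as root:
        page = os.path.join(root, "index.html")
        with open(page, "w") as fh:
            fh.write("<p>original</p>")  # constructed sample page
        body = build_manifest(root)
        tag = sign(body, key)
        clean = verify(root, body, tag, key)
        with open(page, "w") as fh:
            fh.write("<p>defaced</p>")
        tampered = verify(root, body, tag, key)
        # Intruder regenerates the hashes to match but cannot recompute the tag.
        forged = verify(root, build_manifest(root), tag, key)
    return clean, tampered, forged

if __name__ == "__main__":
    print(demo())
```

The check only helps if it runs from a host the intruder does not control; a verifier that lives on the compromised server can be altered along with the pages.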