Answer the question
In order to leave comments, you need to log in
How to implement forms on a site with the possibility of an electronic signature?
The task is as follows. There are clients from whom we want to receive certain data, for example, there is a medical form that the client must fill out. At the same time, this form must have a legal significance. In the event of a dispute, we should be able to refer to this form to confirm the client's agreement with certain points. I understand that this problem is solved by an electronic signature. Question - how best to organize it on the site? What are the means and tools for this? Maybe someone has a similar experience. Are there any online services that solve these issues? I would be grateful for help.
Answer the question
In order to leave comments, you need to log in
Read in the end about asymmetric cryptography and PKI.
In general, in short, if you want a legally significant electronic document flow with clients, you sign an agreement with each that the parties agree to consider a handwritten electronic signature made using such and such a technology.
The technology may be different. Pretty simple and lightweight option is PGP, it's not PKI but pretty close.
Each party generates a pair of keys (secret/public), the public key is transferred to the opposite party. With the help of the appropriate software, the files are signed and sent to the second party.
It is important here that each of the participants generates keys for himself and the private key is never transferred to anyone.
It is on this principle that most banks work, only they are required to use domestic certified cryptography (CryptoPro, CryptoCom ...).
If you switch to PKI, then another character is added - a certification authority (CA). Each party, after generating the key, sends a certificate request to the CA and receives a certificate from it. A certificate is essentially a public key signed on a CA key with various restrictions. For example, there is a limitation on the period of use of the certificate.
I’m not sure exactly, but it seems like in our country you can’t use Western crypto by law, so it’s better to immediately focus on domestic software. For example, not a bad option CryptoPro + CryptoARM. Domestic costs money.
If you ask, what about SSL - there are entirely Western algorithms that are not certified, I will answer - there are special clauses about this in the law, the point is that if it is not possible to remove support for Western algorithms from the software, then you can. But in relation to the workflow, this cannot be pulled.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question