How to implement Digital Signature in PHP

Question

I have to Implement a digital signature in a certificate which we print as PDF in PHP.

The requirement is like that a authorized person like Registrar or Sub Registrar digitally signs a certificate. The basic idea behind implementing Digital signature is to know that:

1) Is the certificate digitally signed by the Authorized person and who was that authorized person or someone else has created it who dont have the authority.

2) Is there any changes in the certificate after the registrar/Sub-Registrar digitally signed the certificate (To stop forgery).

3) When was the document signed or when were the changes were done.

I have searched a lot on this topic put getting nothing and even not any tutorial which could guide me how to do this. I have never heard about this before but according to requirement I have to do this. So please someone guide me or help me how can I implement this in PHP. The certificate in which I have to implement this is http://crsdemo.lsipl.com/crs/web/index.php/auth/birthCertificate/view/cert/B/NzU2MjQ%3D

Answer 1

There are software libraries available that will enable you to digitally sign PDF files. iText is one, but there are plenty of others, too.

However all of the libraries tend to suffer from a common problem: safe-guarding the signer's digital certificate, and in particular, the certificate's private key.

If the signed PDF will ever be audited or submitted to a relying party (recipient) who wants to assure himself that the PDF was really signed by the person who is purported to have signed it, then the digital certificate (and signing system) must be a QSCD -- Qualified Signature Creation Device. (An older name for the same idea was SSCD, "Secure Signature Creation Device.")

Smart cards were the old way to create a QSCD. More modern is to use a centralized signing appliance. My company, DocuSign, makes a QSCD with an API, others do too.