I'm developing a web application, and I'd like to digitally sign a certain step in a process
That is, a user of the app performs a certain action, and I'd like that event to be digitally signed.
The user should use and usb token when issuing the action to digitally sign it.
I'd like to know which approach do you recommend to do such a thing.
For example:
sign a database record (how do you acomplish it?) (cons: you have to validate it with the application itself, I guess)
create a pdf stating the event and the user and digitally sign the pdf (pro: the pdf is independent from the application)
create and sign and xml documento (how to acomplish it? where does the digital sign is stored?)
any other???
saludos
sas