Signature tamper protection

1 Answer 42 Views
Signature
Michael
Top achievements
Rank 2
Michael asked on 30 Mar 2023, 07:59 PM
Does Signature component embed and/or display a DateTimeStamp when viewing the signature after it has been submitted?

1 Answer, 1 is accepted

Sort by
0
Nadezhda Tacheva
Telerik team
answered on 04 Apr 2023, 01:14 PM

Hi Michael,

By design, the value of the drawn Signature is stored as a base64 string. If needed, it is possible to add a DateTimeStamp upon change of the Signature value. You may add it to the string or store it in a dedicated field - whichever option you consider more suitable for your business needs.

The Signature component fires a ValueChanged event when its value changes. Handling this event is one option to get the component value and add the DateTimeStamp. I'd like to mention important specifics to consider with this approach. The ValueChanged will fire upon each change - this means that if the user releases the pen/mouse while signing, the event will be raised. However, this does not necessarily means that the user has completed their signature.

Another option to proceed with is to handle the OnChange event or another form of confirmation that indicates the signing process is completed (e.g. a submit button click).

I've prepared a runnable sample that demonstrates the suggestion: https://blazorrepl.telerik.com/cxuSESbx10tYrX7r31.

I hope you will find it useful. Take your time to revise and test it and please let us know if any further questions arise.

Regards,
Nadezhda Tacheva
Progress Telerik

Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.

Michael
Top achievements
Rank 2
commented on 04 Apr 2023, 06:20 PM

Thank you for the quick reply. We would really need an option to embed a date time stamp (and possibly another value)  into/over the signature so that when it is recalled the timestamp (and any other value) CANNOT be changed. As is, I could copy the signature and use it somewhere else and thus will not guarantee that the user's signature was actually generated by said user (assumption is that users do not FORGE another person's signature) as it is not atomic.
Nadezhda Tacheva
Telerik team
commented on 07 Apr 2023, 09:41 AM

Hi Michael,

Thank you for the follow-up! I do understand your concern.

The Signature component is designed to keep just the value of the signature itself in base64 string. Thus, the component cannot embed other values such as date time stamp or additional information out of the box. This, however, does not mean that one cannot add the desired information to the component value after the user draws their signature.

Having the above in mind, you can get the Signature value and add your metadata in the desired format. I have modified the sample: https://blazorrepl.telerik.com/mRESaBkj39r6c93B53.

I hope this will help you move forward with your application.

Tags
Signature
Asked by
Michael
Top achievements
Rank 2
Answers by
Nadezhda Tacheva
Telerik team
Share this question
or