>I'm not sure I understand the "2 different people signing the document".
>You're not specific about what effect this should have, or how you expect
>the two to interact.
The company and the customer are supposed to sign the document. When the
form is filled out by the company online, a username and an encryption key
(a password as the customer would know it) is sent to the customer. They are
directed to log in, view and sign the document (which has already been signed
by the company). After the company signs and presents the document for the
customer to sign, if for some reason the customer needs some changes made to
the document (the "form attached to the document"), the company should be
able to make the changes to satisfy the customer's changes to the "form" and
then present it back to the user for signing. I think this possibly might be
a legal issue though since the standards for e-signing act of US law states
that after signing the document, it should be checked to make sure it can't
be changed. Is this before both people sign, or after both people sign?
>Are both people supposed to be able to access the document after it's been
>signed?
Yes, both customer and company have to be able to view the document. There
might be a slight issue though. When the company fills out the document,
they have to sign it before it is presented to the customer before the
customer signs it. So, basically, even though the company has already signed
the document and committed to provide the services outlined in the document,
the customer still must be able to view and sign it for themselves. We
already found that 2 encryption keys for each document would be required -
one for customer and one for company.
>Can you simply store two encrypted versions of the document?
No, this method is not possible. Disk space is expensive and the database
needs to be as small as possible. Each transaction (document signing) will
roughly take about 2-3k in size. So, there can only be 1 copy of the
document for each transaction.
>Alternatively, is it okay for the company to retain a copy of the
customer's encryption key?
Yes, that is entirely possible. The only restriction to this is that if the
customer forgets or loses their security key (password), it can't be
retrieved or reset. The consequence of losing or forgetting the security
key is that the customer will not be able to view their signed documents
again (since most security signing services or programming addins do the
same sort of thing).
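
One way to reconcile "2 encryption keys" with "only 1 copy of the document", as an added example that is not code from this thread: the document is encrypted once under a random data key, and only that 32-byte key is wrapped separately for each party. The function names, party labels and the choice of scrypt and AES-256-GCM are assumptions made for the illustration.

```javascript
// Added example (not from the thread): one stored ciphertext, two passwords.
const crypto = require("node:crypto");

// Derive a 256-bit key-encryption key from a password and a per-party salt.
function deriveKek(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// AES-256-GCM encrypt; a fresh 12-byte IV is generated for every call.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Decrypt and authenticate; final() throws if the key or the data is wrong.
function open(key, box) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, box.iv);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]);
}

// Encrypt the document once, then wrap the data key once per party.
function storeDocument(doc, passwords) {
  const dataKey = crypto.randomBytes(32);
  const record = { body: seal(dataKey, Buffer.from(doc, "utf8")), wrapped: {} };
  for (const [party, password] of Object.entries(passwords)) {
    const salt = crypto.randomBytes(16);
    record.wrapped[party] = { salt, box: seal(deriveKek(password, salt), dataKey) };
  }
  return record;
}

// Either party unwraps the data key with their own password and reads the body.
function readDocument(record, party, password) {
  const w = record.wrapped[party];
  const dataKey = open(deriveKek(password, w.salt), w.box);
  return open(dataKey, record.body).toString("utf8");
}

// Storage cost of one party's entry: salt + IV + wrapped key + GCM tag.
function wrapOverheadBytes(entry) {
  return entry.salt.length + entry.box.iv.length + entry.box.ct.length + entry.box.tag.length;
}
```

Each party's entry costs 76 bytes beside a single copy of the 2-3k document. A customer who loses their password loses only their own wrapped entry; the company's entry still opens the same ciphertext.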