As following tips
1. When I want to sign a message, must I have the private key?
Without a private key you aren't able to sign a message; it is required when signing a message.
2. Can anyone sign a message using just the public key, and pass verification?
No, you can't sign a message with the public key; the private key is required because it proves that you own that wallet or that public key.
3. Is there any trusted site or tool for signing?
I do not recommend any web tools to sign a message; it's risky. I recommend using Electrum Wallet instead.
4. How do I implement it in PHP? (Code would be better.)
I don't have much knowledge in PHP but check this open source code below in PHP.
Edit:
Verify signed message in PHP
- https://github.com/Bit-Wasp/bitcoin-php/blob/master/examples/signedmessage.verify.php
Create signed message in PHP
- https://github.com/Bit-Wasp/bitcoin-php/blob/master/examples/signedmessage.create.php
You need to install the whole repository to make the PHP code above work.
To read the whole project is a big task.
Is there any open source, simple project which just implements the signing function? It must be open source; no one will trust this kind of software, even Electrum. If I want to sign a message with more than 100 bitcoins, I really cannot trust any software, even with big companies. Do you think so?