
I'm trying to replace an old Java applet that was used for digitally signing data in an ASP.NET application.

I'm trying to access the private key from the client certificate, sign some data, and send the signed data back to the server.

I've been looking at PKI.JS, but if there is a C# way to accomplish this with Blazor that would be one less external dependency.

  • Blazor server-side or Blazor client-side (WebAssembly)? With server-side you have the complete Core 3 library at your disposal. – H H Sep 13 '19 at 21:50
  • It would have to be client side. I would need access to the user's cert store in order to find a signing certificate and access its associated private key to sign the data. On the server side you only have access to the public key of the client certificate. – Ryan VandenHeuvel Sep 14 '19 at 16:03
  • After doing some more research it doesn't look like WebAssembly, Blazor, or any other JS library is going to be able to access the signing certificates on a smart card, or the OS certificate store. People have been creating Chrome plugins to do this, but that's not a viable option for my purposes. – Ryan VandenHeuvel Sep 15 '19 at 13:06
  • Kind of makes sense, doesn't it? Would you like to visit a page that starts uploading your private keys? – H H Sep 15 '19 at 13:35
  • A little clarification: the intent was not to upload someone's private key anywhere. The data would be signed at the client and sent back to the server with the public key. As of today I don't see any way to access the local certificate store from a client-side technology other than a Java applet, Silverlight, or a custom browser extension. None of those are viable options IMO. – Ryan VandenHeuvel Sep 16 '19 at 18:12
  • It's not about your intentions but about what you _could_ do. – H H Sep 16 '19 at 18:32
  • I'm interested in the same. The idea is to let the "client side" sign documents (without getting any personal key) and get them back to the "server side" – rasputino Dec 10 '19 at 16:36

2 Answers


This is doable with fortifyapp.com

rmhrisk

I'm searching for a solution to this. My idea is to save the signing data to a local folder on the client machine. My C# signing app, which is locally installed on the client computer, monitors the folder and performs the signing. After that, it puts the signed data into Azure Blob Storage and notifies the browser via Azure Event Grid.

Everything related to the signing is my C# code.

Eric Ngo
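
As an added example (not code from either answer's author): the signing step a locally installed C# helper like the one described above could perform, together with the server-side check, using the .NET `SignedCms` API. It assumes a signing certificate with a private key in the current user's personal store; the class and method names are hypothetical, and on .NET Core the `System.Security.Cryptography.Pkcs` package is required.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.Pkcs;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class LocalSigner // hypothetical name, for illustration only
{
    // Pick a chain-valid certificate with the digitalSignature key usage and
    // a private key from the current user's personal store (CurrentUser\My).
    static X509Certificate2 FindSigningCertificate()
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);
            return store.Certificates
                .Find(X509FindType.FindByKeyUsage, X509KeyUsageFlags.DigitalSignature, validOnly: true)
                .Cast<X509Certificate2>()
                .FirstOrDefault(c => c.HasPrivateKey);
        }
    }

    // Client side: detached CMS (PKCS#7) signature. Only the signature and the
    // signer's certificate (public key) leave the machine, never the private key.
    static byte[] Sign(byte[] data, X509Certificate2 cert)
    {
        var cms = new SignedCms(new ContentInfo(data), detached: true);
        var signer = new CmsSigner(cert) { IncludeOption = X509IncludeOption.EndCertOnly };
        cms.ComputeSignature(signer, silent: false); // allow a PIN prompt (smart card)
        return cms.Encode();
    }

    // Server side: verify the signature over the data and validate the signer's chain.
    static void Verify(byte[] data, byte[] signature)
    {
        var cms = new SignedCms(new ContentInfo(data), detached: true);
        cms.Decode(signature);
        cms.CheckSignature(verifySignatureOnly: false); // throws CryptographicException on failure
    }

    static void Main()
    {
        byte[] data = Encoding.UTF8.GetBytes("constructed sample payload");
        X509Certificate2 cert = FindSigningCertificate();
        if (cert == null) { Console.WriteLine("No usable signing certificate found."); return; }
        byte[] signature = Sign(data, cert);
        Verify(data, signature);
        Console.WriteLine($"Signed by {cert.Subject}, {signature.Length} signature bytes.");
    }
}
```

The server must run `Verify` against its own copy of the data it asked to have signed, not against data echoed back by the client.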