3

Any directions on how to deal with this scenario: I have one web app that needs to upload a local file (not yet signed, a text file, for example), then sign it locally (so one applet) using the private key stored in a token/smart card owned by the writer of the text file (Java stuff/API/etc.) and finally do the HTTP(S) POST to my chosen servlet?

If I do not have to write the applet by myself it would be better :), so I am looking for something (open source or not, since there must be some trickery here and there) that can just do the "whole thing" at the client side (browser) for me in the cleanest way, for instance: opening the dialog for the user to choose the file to be signed; choosing the certificate from the token/smart card; enveloping (effectively signing) the original document in a signed XML; and finally doing the HTTP/HTTPS POST to my servlet.

  • Write an applet? Your question misses details. – Eugene Mayevski 'Callback Jan 15 '12 at 14:07
  • @Eugene Well, if I do not have to write the applet by myself it would be better :), so I am looking for something (open source or not, since there must be some trickery here and there) that can just do the "whole thing" at the client side (browser) for me, for instance, enveloping the original document in a signed XML and doing the POST to my servlet. – user1150355 Jan 15 '12 at 17:42
  • These details should be provided in the question. You can update your question using the "edit" link under tags above. – Eugene Mayevski 'Callback Jan 15 '12 at 18:24

1 Answer

0

Modern browsers no longer support Java applets or ActiveX. You will have to use a browser extension which can access your local certificate store to sign the hash on the client's device.

For browser-based signing scenarios, one such free Chrome extension, provided by my company, is the Signer.Digital Chrome extension. The setup to be installed on the client device may be downloaded from https://download.cnet.com/Signer-Digital-Chrome-Extension/3000-33362_4-78042540.html

Installing this host and restarting Chrome will automatically add the Signer.Digital Chrome extension.

The actual working of this extension is illustrated here

Javascript to call method from extension:

    // Calculate the signature for the hash by calling the function from the SignerDigital extension
    SignerDigital.signPdfHash(hash, $("#CertThumbPrint").val(), "SHA-256") // or "SHA256"
        .then(
            function (signDataResp) {
                // Send signDataResp to server
            },
            function (errmsg) {
                // Send errmsg to server or display the result in browser.
            }
        );

If success, returns a Base64-encoded PKCS7 signature - use any PDF component to inject the signature into the PDF.

If failed, returns an error message starting with "SDHost Error:"

Bharat Vasant
  • 850
  • 3
  • 12
  • 46
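A server-side pre-check for the value the answer's JavaScript sends on, as an added example that is not part of the original answer or the extension's own code: it separates the "SDHost Error:" case from a Base64 blob and confirms the blob is a DER ContentInfo carrying the PKCS#7 signedData OID. The function names and the sample value are assumptions constructed for illustration, DER (definite-length) encoding is assumed, and signature and certificate-chain verification still has to be done with a CMS library.

```javascript
// Added example (Node.js): triage of the string the browser posts after
// SignerDigital.signPdfHash() settles. Names below are hypothetical.
const SIGNED_DATA_OID = Buffer.from("06092a864886f70d010702", "hex"); // 1.2.840.113549.1.7.2

// Read a DER length at offset; returns { length, next } or null if malformed.
function readDerLength(buf, offset) {
  if (offset >= buf.length) return null;
  const first = buf[offset];
  if (first < 0x80) return { length: first, next: offset + 1 };
  const n = first & 0x7f;
  if (n === 0 || n > 4 || offset + 1 + n > buf.length) return null;
  let length = 0;
  for (let i = 0; i < n; i++) length = length * 256 + buf[offset + 1 + i];
  return { length, next: offset + 1 + n };
}

function classifySignResponse(resp) {
  if (typeof resp !== "string" || resp.length === 0) {
    return { ok: false, reason: "empty or non-string response" };
  }
  // Failure case described in the answer: message starts with "SDHost Error:".
  if (resp.startsWith("SDHost Error:")) return { ok: false, reason: resp };
  // Strict Base64 check: Buffer.from() silently skips invalid characters.
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(resp) || resp.length % 4 !== 0) {
    return { ok: false, reason: "not valid Base64" };
  }
  const der = Buffer.from(resp, "base64");
  if (der[0] !== 0x30) return { ok: false, reason: "not a DER SEQUENCE" };
  const len = readDerLength(der, 1);
  if (!len || len.next + len.length !== der.length) {
    return { ok: false, reason: "outer length does not match payload" };
  }
  const oid = der.subarray(len.next, len.next + SIGNED_DATA_OID.length);
  if (!oid.equals(SIGNED_DATA_OID)) {
    return { ok: false, reason: "contentType is not signedData" };
  }
  return { ok: true, der }; // structurally plausible; not yet verified
}

// Constructed sample: minimal ContentInfo with the signedData OID and an empty body.
const SAMPLE_OK = Buffer.from("300f06092a864886f70d010702a0023000", "hex").toString("base64");
```
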