So I'm stuck with this problem:

IE Edge no longer allows applets, ActiveX, etc.,

and I have this applet that is used for digital signature,

the idea is to extract the private key from the KEY file on the client side, in that way the private key never leaves the client's computer, that is a requirement for security, it can't be avoided :(

I'm looking for APIs or frameworks, but I can't find a way to solve this,

with jsrsasign the examples use a PEM file but my users have .CER + .KEY + password, in Java I can do it, but I need to do it in JavaScript or in something on the client side.

and, reading the Web Cryptography API and some examples I found, they generate NEW private and public keys to sign BUT they never READ an existing CERTIFICATE

does anybody have this problem or know a framework I could use? please heeeelp!

asked Nov 12, 2015 at 18:40 by Alfredo M, edited Apr 18, 2016 at 22:39
  • so, if I understood it correctly, you have an applet that already works in IE BUT doesn't work on Edge which is why you're trying to replicate the same process using the new API (or any API available for that matter)? – securecodeninja Commented Nov 12, 2015 at 23:20
  • stackoverflow.com/a/32536332/2104560 – user2104560 Commented Nov 13, 2015 at 3:17
  • yes, that's the problem @RomanCanlas – Alfredo M Commented Nov 13, 2015 at 17:52
  • another question - is your web app public facing or just within your organization? – securecodeninja Commented Nov 13, 2015 at 18:16
  • mainly, is for a private intranets @RomanCanlas – Alfredo M Commented Nov 13, 2015 at 18:30

3 Answers

So the answer was to use JSRSASIGN (http://kjur.github.io/jsrsasign/). The examples posted on GitHub use PEM files, so I built an example that uses CER + KEY + PASSWORD: https://github.com/alfredomova/firmaJs-with-jsrsasign-example

For that specific example I used SparkMD5 (https://github.com/satazor/SparkMD5) to calculate the file's hash.

Modern browsers no longer support ActiveX or applets. The WebCrypto API generates and uses keys dynamically but does not have the capability to access certificates from the certificate store.

The accepted answer provided by Alfredo M, who also asked the question, points to JavaScript to handle cryptography in the browser, which does not talk about accessing the local certificate store. Recently, certificates are not being generated/issued as pfx (or PEM) files but on cryptographic devices like USB tokens or smart cards.

Thus we need to use browser extensions for modern browsers, where an application running behind the browser can access the certificate store and sign the hash. One such browser extension is provided free by my company. You just need a couple of lines of JavaScript code to call methods provided by any browser extension to achieve digital signing from a modern browser. If you just want to sign files or eReturns, you don't need any server-side component. If you want to sign a PDF, you may need a PDF component on the server side.
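On the question's Web Cryptography API point, an added example (not part of the original thread or of any answer's code): `importKey` can load an existing private key from PKCS#8 bytes and mark it non-extractable, so signing happens locally without generating a new key. It assumes the password-protected .KEY has already been decrypted to plain PKCS#8 DER (for instance by a library such as jsrsasign), uses a freshly generated pair as a constructed stand-in for the user's files, and all function names are hypothetical.

```javascript
// Added example: sign with an EXISTING private key via the Web Crypto API.
const ALG = { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" };

// window.crypto in a browser; node:crypto's webcrypto where no global exists.
async function getSubtle() {
  const c = globalThis.crypto ?? (await import("node:crypto")).webcrypto;
  return c.subtle;
}

// pkcs8Der: unencrypted PKCS#8 PrivateKeyInfo bytes (assumption: the .KEY file
// has already been decrypted with the user's password).
async function importSigningKey(pkcs8Der) {
  const subtle = await getSubtle();
  // extractable = false: script can sign with the key but cannot export it.
  return subtle.importKey("pkcs8", pkcs8Der, ALG, false, ["sign"]);
}

async function signBytes(privateKey, data) {
  const subtle = await getSubtle();
  return new Uint8Array(await subtle.sign(ALG.name, privateKey, data));
}

// spkiDer: SubjectPublicKeyInfo bytes, the public key a .CER certificate carries.
async function verifyBytes(spkiDer, signature, data) {
  const subtle = await getSubtle();
  const pub = await subtle.importKey("spki", spkiDer, ALG, false, ["verify"]);
  return subtle.verify(ALG.name, pub, signature, data);
}

// Constructed stand-in for the user's files: a throwaway pair exported to the
// same byte formats, so the example runs offline.
async function demo() {
  const subtle = await getSubtle();
  const params = { ...ALG, modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) };
  const pair = await subtle.generateKey(params, true, ["sign", "verify"]);
  const pkcs8Der = await subtle.exportKey("pkcs8", pair.privateKey);
  const spkiDer = await subtle.exportKey("spki", pair.publicKey);

  const key = await importSigningKey(pkcs8Der);
  const enc = new TextEncoder();
  const doc = enc.encode("constructed document to sign");
  const sig = await signBytes(key, doc);
  const exportBlocked = await subtle.exportKey("pkcs8", key).then(() => false, () => true);
  return {
    sigLength: sig.length,
    valid: await verifyBytes(spkiDer, sig, doc),
    tamperedValid: await verifyBytes(spkiDer, sig, enc.encode("tampered document")),
    exportBlocked,
  };
}
```

The non-extractable flag protects only the imported `CryptoKey` object; the decrypted PKCS#8 bytes passed to `importSigningKey` were visible to page script, so they should be discarded right after import and the page served over HTTPS with no untrusted scripts.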

You don't necessarily need to force your web app to work in Edge, since it no longer supports the legacy technologies that your web app is using.

"Use Enterprise Mode with Microsoft Edge to open Internet Explorer 11 for your business’s sites that require IE’s proprietary technologies."

Include your site on the Enterprise Mode Site List so it will open in IE11 automatically:

Once Edge detects that your web app is using proprietary technologies, it will tell you to open your site in IE11.

The steps and the details can be found in this blog post by the Microsoft Edge team. Check the user experience section of the blog so you'll get an idea of the UX it will bring to your users once implemented:

http://blogs.windows.com/msedgedev/2015/08/26/how-microsoft-edge-and-internet-explorer-11-on-windows-10-work-better-together-in-the-enterprise/
