Reputation: 13
PDF online digital signature
We are building a Java website to share documents with users.
Once a user access to his documents, he can digitally sign them with his certificate (It is stored on client-side).
The requirement is an on-line sign with a “sign button” on the documents list.
We researched ways to accomplish the requirement but apparently, there is not a way to do that without using Java Applet or a secured server that contains the users certificates.
We know what other solution would be use Itext on a stand-alone Java Application but that is not an online solution.
The question is:
Is there a way to access to the user's key-store or load the certificate from the file system on the sign process without use an applet?
Thanks and regards.
Upvotes: 1
Views: 4118
Answers (3)
Reputation: 935
Modern browsers does not support applets. For browser based signing scenarios, my company has published free Chrome extension Signer.Digital and setup may be downloaded from cNet using link https://download.cnet.com/Signer-Digital-Chrome-Extension/3000-33362_4-78042540.html Installing this host and restarting Chrome will automatically add Signer.Digital Chrome Extension
Javascript to call method from extension:
//Calculate Sign for the Hash by Calling function from Extension SignerDigital
SignerDigital.signPdfHash(hash, $("#CertThumbPrint").val(), "SHA-256") //or "SHA256"
.then(
function (signDataResp) {
//Send signDataResp to Server
},
function (errmsg) {
//Send errmsg to server or display the result in browser.
}
);
If Failed, returns error msg starting with "SDHost Error:"
If success, returns Base64 encoded pkcs7 signature - as you said, use iText or any suitable library to inject sign to pdf.
Disclosure: I work for CISPL (Signer.Digital)
Upvotes: 0
Reputation: 1856
@pedrofb is right, you won't, without the help of a plug-in, be able to access the certificate store on the host.
You can in browser use WebCrypto with a library like PKIjs load a key into the browser and sign with it, you can also verify the PDFs signature if you like. Here are some related examples:
- https://pkijs.org/examples/PDFexample.html
- https://pkijs.org/examples/PKCS12SimpleExample.html
- https://pkijs.org/examples/PKCS10_complex_example.html
- http://unmitigatedrisk.com/?p=543
You can see https://hwcrypto.github.io/ for a discussion, and plug-ins that provide access to smart cards within the browser.
Upvotes: 0
Reputation: 39241
It is not possible to use a certificate installed on system/browser keystore using javascript due to security restrictions
An alternative solution is to install on the client an application with an embedded web server and send the document from the webpage to be signed at the moment. This application can use the keystore and include the itext library.
If the user has a certificate file (.p12/.pfx) it is possible to load the content using WebCryptographyApi and sign the document in client side (without uploading certificate to server. See How to load a PKCS#12 Digital Certificate with Javascript WebCrypto API
Upvotes: 1
Related Questions
- Digitally Signing a PDF in Modern Firefox/Chrome/Edge Browsers
- digitally sign pdf in browser
- Digital Signature For PDF Documents
- Verifying digital signatures in PDF documents
- Implement Digital Signature in Client /Web Server Architecture
- Digital signature in PDF
- Digital Signatures of XML, PDF and Office Documents on every platform
- How to implement digital signature
- Digital signature in browser without ActiveX/Java applet
- Digitally sign pdfs