Kevin Bui

Reputation: 524

How to use hwcrypto.js to check that a person uses a USB token

I am currently developing a web-based signing system using hwcrypto. When the user plugs a USB token device into the computer and then clicks a button, it prompts them to select a certificate and enter a password:

window.hwcrypto.getCertificate({lang: lang, filter: filter})
.then(function(cert) {
    window.hwcrypto.sign(cert, {type: hashtype, hex: hash}, {lang: lang})
    .then(function(signature){
        // call jquery ajax to do some important thing
        $.ajax({
            url: 'index.php?action=very_important_action',
            dataType: 'html',
            success: function(response) {
                console.log(response);
            }
        });
    });
});

It works, but I worry that users will call the ajax function directly without using the usb-token. How can I protect against that?

Upvotes: 1

Views: 877

Answers (1)

Aseem Upadhyay

Reputation: 4537

I have a few approaches in mind, but it depends on your implementation:

  1. You can set the usb-token in your local storage, and the page that is being requested checks that the usb-token field is already available in local storage.
  2. You can check every ajax request that is being made by using $.ajax.beforeSend, and check whether you have the usb-token available.
  3. You can send the token as a query parameter and check, in the page that is being requested, whether the parameter containing the token exists or not.

Upvotes: 1
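A server-side check for the concern raised in the question, added here as an example that is not part of the original question or answer: the server issues a one-time challenge, the browser signs its hash with `hwcrypto.sign`, and the important action runs only if the submitted signature verifies. It is written for Node.js, assumes an RSA token producing PKCS#1 v1.5 signatures, and uses hypothetical names (`issueChallenge`, `verifyAction`, `simulateTokenSign`) with an in-memory key pair as a constructed stand-in for the USB token.

```javascript
// Added example; function names and the in-memory store are hypothetical.
const crypto = require('node:crypto');

const pending = new Map(); // sessionId -> challenge bytes awaiting a signature

// Server, step 1: give the browser a fresh random challenge to sign.
function issueChallenge(sessionId) {
  const challenge = crypto.randomBytes(32);
  pending.set(sessionId, challenge);
  // The browser passes this digest to hwcrypto.sign as {type: 'SHA-256', hex: ...}.
  return crypto.createHash('sha256').update(challenge).digest('hex');
}

// Server, step 2: allow the action only if the signature matches the challenge.
function verifyAction(sessionId, publicKey, signatureHex) {
  const challenge = pending.get(sessionId);
  if (!challenge) return false;   // no challenge issued, or already consumed
  pending.delete(sessionId);      // one-time use, so a replayed request fails
  if (typeof signatureHex !== 'string' || !/^([0-9a-f]{2})+$/i.test(signatureHex)) {
    return false;
  }
  try {
    return crypto.verify('sha256', challenge, publicKey, Buffer.from(signatureHex, 'hex'));
  } catch {
    return false;                 // malformed key or signature
  }
}

// Constructed stand-in for the USB token: like the token, it sees only the hash.
const token = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const SHA256_DIGESTINFO = Buffer.from('3031300d060960864801650304020105000420', 'hex');

function simulateTokenSign(hashHex) {
  const digestInfo = Buffer.concat([SHA256_DIGESTINFO, Buffer.from(hashHex, 'hex')]);
  // privateEncrypt applies PKCS#1 v1.5 type-1 padding, i.e. a raw RSA signature.
  return crypto.privateEncrypt(token.privateKey, digestInfo).toString('hex');
}
```

In a deployment the public key would come from the certificate returned by `getCertificate`, after the server has validated its chain and revocation status and mapped it to the user's account.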
