Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Digital signature from electronic smartcard in Chrome

For an electronic prescription system, that runs on the browser and that requieres personal signature by the professional, we are using a Java applet to sign the XML request, that then is sended to a WS, using a smartcard.

But since version 42, Chrome is disabling by default NPAPI support, and in future versions next to September 2015 it will be completely disabled and then applets won't be usable at all.

At Chrome NPAPI deprecation page points to WebCrypto and TLS as alternatives. But it seems that WebCrypto has leaved out of scope the support of smartcards , and it seems that TLS is only about cryptographic protocols and it doesn't provides a way to use an electronic cards.

Has someone used a completely browser native solution to sign documents and have a good control of the process. At least it will be nedeed:

  • No confirmations and no visualitzation of the XML request that is signed by the user. Because what is signed is an internal technical request that has no value to the user, and the application runs in a controlled and trusted system in internal LAN.
like image 802
lujop Avatar asked Apr 22 '15 15:04

lujop


1 Answers

We faced the same problem, came up with a solution (native messaging, yes)

https://github.com/open-eid/chrome-token-signing

like image 87
Martin Paljak Avatar answered Sep 22 '22 02:09

Martin Paljak