
Digitally sign data in browser using smart card or certificate

I need to create a digital signature of some XML data with a client certificate (smart card) using a web browser. Usually I used to do it with a Java applet executing on the client side. The benefit being multiplatform in terms of OS and browsers.

However, this option is getting increasingly harder and harder to implement and support in the long term. Virtually all browsers require some sort of action in order to execute such an applet, code signing with a trusted certificate is almost mandatory nowadays, new manifest attributes and so on. Well, there is nothing wrong with some extra layer of security and I am OK with that.

However Google Chrome as of April 2015 has stopped support for Java applets (and other plugins as well) - there is a configuration switch but it won't be available for much longer as stated here.
Mozilla Firefox does not have end of support date for NPAPI but they call it "legacy technology".
As for IE - it does not support plugins in Modern UI.

So with Java applets no longer really a universal option what are my choices?
What I have investigated so far:

  • ActiveX - IE only
  • Silverlight - no access to certificates at all and as a plugin faces the same limitations as Java
  • Browser-specific extensions; for example, Firefox up until version 33 used to have window.crypto.signText but not anymore
  • local applications installed on the client - not easy to install, support, develop and update for several OS and their different versions.
  • Web Cryptography - "only basic cryptographic functions", no certificates support

I ran out of ideas. All suggestions are welcome and appreciated.

Plamen Ignatov asked Apr 16 '15 11:04
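
The Web Cryptography limitation listed in the question, as an added example that is not part of the original post: the page signs sample XML bytes with a key pair it generates itself, because the API has no call for selecting a certificate or a smart-card key. The XML string and function names are constructed for illustration, and the signature covers raw bytes, not an XML Signature (XMLDSig) structure.

```javascript
// Added example: signing with the Web Cryptography API (browser secure context or Node.js).
// In Node versions without a global `crypto`, fall back to the built-in webcrypto module.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;

// Constructed sample document, not data from the original post
const SAMPLE_XML = '<order id="42"><amount currency="EUR">100.00</amount></order>';

const ALG = { name: "ECDSA", namedCurve: "P-256" };
const SIG = { name: "ECDSA", hash: "SHA-256" };

async function signInPage(xmlText) {
  // The key pair is created by the page. Nothing here can pick a certificate
  // or a hardware-backed key from the OS or browser certificate store.
  const keys = await subtle.generateKey(ALG, false, ["sign", "verify"]);
  const data = new TextEncoder().encode(xmlText);
  const signature = new Uint8Array(await subtle.sign(SIG, keys.privateKey, data));
  // Only the bare public key is exportable (SPKI); no X.509 certificate or chain exists
  const spki = new Uint8Array(await subtle.exportKey("spki", keys.publicKey));
  return { keys, signature, spki };
}

async function verifyWithSpki(spki, signature, xmlText) {
  const pub = await subtle.importKey("spki", spki, ALG, true, ["verify"]);
  return subtle.verify(SIG, pub, signature, new TextEncoder().encode(xmlText));
}

async function demo() {
  const { keys, signature, spki } = await signInPage(SAMPLE_XML);
  const okOriginal = await verifyWithSpki(spki, signature, SAMPLE_XML);
  const tampered = SAMPLE_XML.replace("100.00", "900.00");
  const okTampered = await verifyWithSpki(spki, signature, tampered);
  // The private key was generated as non-extractable, so exporting it must fail
  let privateExportBlocked = false;
  try {
    await subtle.exportKey("pkcs8", keys.privateKey);
  } catch {
    privateExportBlocked = true;
  }
  return { okOriginal, okTampered, privateExportBlocked, signatureBytes: signature.length };
}

demo().then((result) => console.log(result));
```

A verifier receiving this signature gets a raw public key with no identity bound to it, which is why the result cannot stand in for a signature made with a client certificate.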


1 Answer

I did the same research a few weeks ago, and the first option for me is to migrate to Firefox (at least for now).

An alternative could be to migrate applets to a JNLP Java client application (maybe with some WebSocket/RESTful synchronization between Java client/server/web page).

I think the options that you mentioned have less support among browsers than the Java applet.

Gabriel answered Oct 08 '22 20:10