Menu
I'm working on the project where the user needs to do a digital signature on a document. I checked in the google and know about sinadura which is a desktop application but I need to invoke this into my web application.
I installed alfresco community edition on Linux server (https://www.alfresco.com/thank-you/thank-you-downloading-alfresco-community-edition) and followed the instruction as below GitHub link.
https://github.com/zylklab/alfresco-sinadura
I've implemented successfully with above instructions. But Alfresco is the big project and given several other features too. But I don't need that and I just need to implement digital signature part into my own web application similar to alfresco
How to implement the digital signature part in my existing project? Can anyone please give a suggestion
854
At the organization level, click the Admin icon and navigate to Custom Fields > Custom Forms. Scroll down to the HTML section. The text area appears where you can edit your HTML. In the HTML text area, In the <head> tag of the digital form, enter the applicable JavaScript for the signature.
The security restrictions of browsers do not allow javascript access to the system certificate keystore or smart cards. Formerly java applets could be used, but with the latest browser updates it is no longer possible.
Current solutions for digital signature in browsers require the installation of a desktop software on the user's computer. The operating process is as follows:
Installation: The user installs the desktop software on his computer. The software installs a self-signed certificate and includes an embedded browser that listens on a computer port and runs it as a service
The web application requests a signature to the local software using a secure web connection. For example https://localhost:1234/sign?doc=xxxx. The browser waits for the result
The local application receives the document, asks the user to select the certificate or enter the card and make the signature. As it is a local application, there are no security restrictions
The web application receives the result. It can query the local application through a REST service or open a websocket.
The concept is simple (a web application that requests the signature to a local application), but the construction of an application of this type is quite complex because you have to take into account many other factors:
Software installation and distribution
Security and Encryption
Digital signature formats: XAdES, CAdES, PAdES etc. They can be implemented in the application or use a signature service in 3 phases, where the documents are on the server and a single hash is signed locally
So I recommend using an existing solution:
@firma + Autofirma: Open-source solution promoted and used by the public administration in Spain
SD-DSS + nexU(lowina): Open-source solution promoted by the European Commision. Check the demo here
chrome token signing: Chrome and Firefox extension for signing with your eID on the web developed for the Estonian government
Sinadura is also an open-source initiative, and from what I've seen it works in a similar way, but I do not know if it has important references and I have not found the API
178
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
