Signer.Digital
User guide (Under Construction)
Digital Signing and Digital Signature based Authentication from Web Browser
 
Download the sample .NET Integration Project for Signer.Digital.Weblib with complete Source Code.
 
With the digital economy and commerce progressing, more and more web applications require digitally signing PDF documents, files, eReturns (XML or JSON), etc., from the user's browser using the user's local machine key store, USB token or smartcard. Older methods such as Java applets and ActiveX have been phased out, or are being phased out, of modern browsers.
 
Much has been said recently about the WebCrypto API, but as of now the WebCrypto API does not provide access to the Windows key store or any other key store, or to local crypto USB/smartcard devices.
 
Also, in most signing scenarios the document, file or data to be signed must be protected within the server boundary, so it is not recommended to send the complete document, file or data to the web browser.
 
Thus it is good practice to use JavaScript, through a browser extension, to access an application running on the local system, which in turn accesses the local certificate store or key store, produces the signature, and sends the digital signature (a PKCS7 or CMS container in the case of PDF signing) back to the server. There the signature may be injected into the original document, from which the hash was created and sent to the browser for signing. For specific types of documents, especially PDF documents, you may prefer to use a PDF component to extract the hash of the document and inject the signature back.
 
Certificates are mostly issued on USB tokens or smartcards. To sign from the browser using a USB token or smartcard on Windows, the crypto device driver (PKCS#11 library) has an additional layer called a CSP (Crypto Service Provider), which acts as a bridge between the device driver and the OS crypto services. Installing the crypto device driver also adds this CSP, so plugging in the token or smartcard makes the certificates on it available in the OS certificate store (which acts as a handle to the private key stored securely on the crypto device).
 
For signing from the browser as client, ActiveX and applets are no longer supported by modern browsers. Instead you may use a browser extension, which has a native application running behind the browser to access the certificate store and provide the signing function through JavaScript in the browser. The Signer.Digital Browser Extension offers various types of signing from the browser using JavaScript. Refer to the 3 different SO answer links on the page Digitally Signing From Browser for the various operations that can be achieved using the web browser extension.
 
For browser-based signing scenarios, one such free Chrome extension is the Signer.Digital Chrome Extension. The local system host (running behind the Chrome browser on Windows) may be downloaded from CNet Download.
Installing this host and restarting Chrome will automatically add the Signer.Digital Chrome Extension.
 
The actual working of this extension is illustrated here
 
Users may use Signer.Digital components and libraries on the server side to inject the signature container returned by the browser into the original PDF file.
 
JavaScript for different operations is as below:
 
JavaScript to sign PDF:

    //Calculate Sign for the Hash by Calling function from Extension SignerDigital
    SignerDigital.signPdfHash(hash, $("#CertThumbPrint").val(), "SHA-256")      //or "SHA256"
        .then(
            function (signDataResp) {
                //Send signDataResp to Server
            },
            function (errmsg) {
                //Send errmsg to server or display the result in browser.
            }
        );
 
On success, returns a Base64-encoded PKCS7 signature; use any suitable library, or the one provided by [Signer.Digital](https://www.signer.digital), to inject the signature into the PDF.
On failure, returns an error message starting with "SDHost Error:".
 
JavaScript to create CMS and PKCS1 signatures:

    function getSignature(hash) {
        //Sign GSTR Return Hash using Signer.Digital Chrome Extension
        //This method returns CMS (PKCS7) Signature
        SignerDigital.signGstHash(hash)
            .then(function (signature) {
                //send signature to return filing server
            }, function (error) {
                //send error to server and/or report error to user
            });
    }

    //For Income Tax Return signing use method:
    //This method returns SHA256 Signature
    SignerDigital.signITHash(hash, PAN)
 
To Register Certificate on Server:

    //Get Selected Certificate Information
    SignerDigital.getSelectedCertificate()
        .then(
            function (CertInfo) {
                //Success returns Certificate Subject and Thumbprint
            },
            function (errmsg) {
                //Send errmsg to server or display the result in browser.
            }
        );
 
To authenticate or Login using Digital Signature:

    SignerDigital.signAuthToken(authToken, "SHA-256")       //or "SHA256"
        .then(
            function (SignData) {
                //Success returns Signed Auth Token
            },
            function (errmsg) {
                //Send errmsg to server or display the result in browser.
            }
        );
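
The server side of the login flow above, as an added example that is not part of the original page or of Signer.Digital's code: the server issues a random single-use token, and accepts the signed result only once, only before it expires, and only if it verifies against the public key of the certificate registered for that user. The function names, the session ids, the two-minute lifetime and the signature format (Base64 RSA PKCS#1 v1.5 over the token bytes) are assumptions, and a throwaway key pair stands in for the user's USB token.

```javascript
// Added example: server side of a signed-auth-token login (not Signer.Digital code).
const nodeCrypto = require("crypto");

const TOKEN_TTL_MS = 2 * 60 * 1000;   // assumed validity window for a challenge
const pending = new Map();            // sessionId -> { token, expires }

// Step 1: issue a random, single-use token bound to the browser session.
function issueAuthToken(sessionId, now = Date.now()) {
  const token = nodeCrypto.randomBytes(32).toString("base64");
  pending.set(sessionId, { token, expires: now + TOKEN_TTL_MS });
  return token;                       // the page passes this to signAuthToken()
}

// Step 2: verify what the browser sent back against the registered public key.
// Assumption: signatureB64 is a Base64 RSA PKCS#1 v1.5 signature over the
// token bytes; adapt the verify call to the format your deployment returns.
function verifySignedToken(sessionId, signatureB64, registeredPublicKey, now = Date.now()) {
  const entry = pending.get(sessionId);
  pending.delete(sessionId);          // single use: consumed even on failure
  if (!entry) return { ok: false, reason: "no-pending-token" };
  if (now > entry.expires) return { ok: false, reason: "expired" };
  if (typeof signatureB64 !== "string" || signatureB64.startsWith("SDHost Error:")) {
    return { ok: false, reason: "client-error" };   // error text is never a signature
  }
  const valid = nodeCrypto.verify("sha256", Buffer.from(entry.token, "utf8"),
    registeredPublicKey, Buffer.from(signatureB64, "base64"));
  return valid ? { ok: true } : { ok: false, reason: "bad-signature" };
}

// Constructed stand-in for the user's token: throwaway RSA key pairs.
function demo() {
  const user = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const other = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const sign = (t, k) => nodeCrypto.sign("sha256", Buffer.from(t, "utf8"), k).toString("base64");

  const t1 = issueAuthToken("s1");
  const sig1 = sign(t1, user.privateKey);
  const first = verifySignedToken("s1", sig1, user.publicKey);
  const replay = verifySignedToken("s1", sig1, user.publicKey);

  const wrongKey = verifySignedToken("s2", sign(issueAuthToken("s2"), other.privateKey), user.publicKey);
  const t3 = issueAuthToken("s3", 0);
  const expired = verifySignedToken("s3", sign(t3, user.privateKey), user.publicKey, TOKEN_TTL_MS + 1);
  return { first, replay, wrongKey, expired };
}

console.log(demo());
```

In a real deployment the public key comes from the certificate stored at registration time, and the certificate's validity and revocation status are checked before the login is accepted.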
 
Flow diagram to illustrate Client Browser side Digital Signature
 