Signer.Digital Browser Extension for Modern Browsers
Visit https://web.signer.digital to check working samples of PDF Signing, PKI Authentication, CSR Generation and Certificate Import.
Signer.Digital Browser Extension is completely free for unlimited uses by end users.
With digital economy and commerce progressing, more and more of the web applications require Digital Signing PDF Documents, files, eReturns (XML or JSON) etc, from user’s Browser using user’s local machine Key-store, USB Token or Smartcard. Older methods being java applets, Active X, etc which are phased out or are being phased out from the new Modern Browser offerings.
Recently much is being talked about WebCrypto API but as of now, WebCrypto API does not provide access to (Windows) or any other Key stores or local crypto USB/Smartcard device.
Also in most of the signing scenarios, for requirement to protect document or file or data to be signed within the server boundaries, it is not recommended to send complete document or file or data to be signed, to web browser.
Thus, its good practice, to use JavaScript through browser extension to access some application running on local system which in turn access local Certificate Store or KeyStore and produce the signature and send back digital signature (PKCS7 or CMS container in case of PDF signing) to server where the signature may be injected back to the original document from which hash was created for signing and was sent to browser. For specific types of documents, especially pdf document, to extract hash of document and inject back signature, you may prefer to use PDF component to achieve this.
Certificates are mostly is being issued in USB Tokens or Smartcards. To sign from browser using USB Token or Smartcard, the crypto device drivers (PKCS#11) library, on Windows device, has an additional layer called CSP (Crypto Service Provider) which acts like bridge between the device driver and OS Crypto services. Crypto device driver, once installed also adds this CSP and thus plunging the token or smartcard makes Certificates in it available in OS Certificate Store (which acts as handle to private key stored securely on the crypto device).
For signing from Browser as client, ActiveX or applets are no more supported by modern browsers. You may use Browser Extension for the purposes which has a native application running behind the browser to access Certificate Store and provide signing function through JavaScript in the browser. Signer Digital Browser Extension offers various type of signing form browser using JavaScript. Refer to 3 different SO answer links on the page Digitally Signing From Browser for various operations to be achieved using the Web Browser Extension.
For browser based signing scenarios, one such free Chrome extension available is Signer.Digital Chrome Extension. Chrome extension is also supported by New Microsoft Edge Chromium browser. For Mozilla Firefox, extension is available at Signer.Digital Firefox Extension
Local system (host running behind the browser on windows) may be downloaded from CNet Download.
Installing this host and restarting browser will automatically add Signer.Digital Browser Extension.
Flow diagram to illustrate Client Browser side Digital Signature
