发表新帖
发表新帖

Accessing signing/encryption in a browser's Keystore using JavaScript - sample code? (WebCryptoAPI)

后端 未结
关注
3 1690
北荒
北荒 2020-12-05 15:26

I have a web server that allows access only using X509 authentication. Works like a charm. Now I want to extend the use of the X509 certificates (which are stored in the use

相关标签:
3条回答
  • 被撕碎了的回忆
    2020-12-05 15:48

    It is not possible to access the "local keystore" within the browser. Browsers slowly removing access to things that break the Same Origin Policy enforced by browsers. This includes things like plug-ins, the keygen tag, etc.

    PKIjs was built with Same Origin Policy PKI in mind, here is a post I did on that topic - https://unmitigatedrisk.com/?p=503

    0 讨论(0)
  • 情深已故
    2020-12-05 15:57

    GlobalSign/PKI.js has support for X.509 certificates.

    Public Key Infrastructure (PKI) is the basis of how identity and key management is performed on the web today. PKIjs is a pure JavaScript library implementing the formats that are used in PKI applications. It is built on WebCrypto (Web Cryptography API) and aspires to make it possible to build native web applications that utilize X.509 and the related formats on the web without plug-ins.

    0 讨论(0)
  • 梦毁少年i
    2020-12-05 16:06

    By the moment the W3C's WebCrypto standard is specifying a javascript object crypto inside window to perform encryption, digital-signatures, generate keys and so on with javascript. However a standard way to access the local keystore to perform operations like signatures with client keys it's not defined. So nowadays there isn't a common way to do so in javascript, each browsers has it's own way; In IE you can do it with ActiveXObject("CAPICOM.Store");, with firefox using window.crypto.signText("textToSign", "ask"); (seems that now its deprecated, take a look here, actual api seems that doesn't support it: more info here), for chrome I'm not sure however using NativeSDK Client could be a possible way.

    Other possibility is also using java applets with all problems this technology has these days.

    There is also a project on github which encapsulates in javascript the behavior to sign (only with IE and firefox) using a common object which has the both implementations, I try it months before and work correctly with IE/Firefox, now with firefox doesn't work because the api options are deprecated, if you're curious take a look at: Glamdring/js-signer

    You can also check my question where I asked similar question: js signature on chrome with OS keystore

    Hope this helps,

    0 讨论(0)
 看不清?
提交回复
热议问题