问题
Here is what I want to do:
- user creates document (html)
- edit -> save PDF on server
- ask if user wants to sign the document
- (yes) here is the problem
- (no) no problem
- ???? (not important)
So now the problem I face is how to do that (yes) in step 3. If the signature is on the server no problem, I have some html->php->pdf classes that can sign with digital signatures but the signature must be on the server as a file. The question is, how can I do it directly on the server. The user chooses yes, the signature is read (from his reader on his computer) and send to the server and signing is done. Here I believe I can't do it without something like Java or so. In my opinion PHP and JavaScript sure as hell aren't going to be enough for this action.
Has anyone ever encountered a problem like that? Maybe some ready to use library?
P.S. not quite sure if the tags are correct, but couldn't figure out which to put.
回答1:
If the certificate with a private key is on the client, then you need a client-side module to do signing. JavaScript won't be enough as it won't have access to the key on the client. While you can try calling CAPICOM from JavaScript, this is a partial (no PKCS#11 support), Windows-specific and obsolete solution. Better option is to have a browser applet written in Java that will perform signing (see below).
Our SecureBlackbox product has a distributed signature add-on which does exactly what you describe (PHP, Java, ASP.NET and compiled modules are supported at the moment). You can see the scheme how the add-on works:
In our product we offer pre-built browser modules - Java Applet, ActiveX control and Flash applet, yet Java applet is in most cases enough as it can access PKCS#11 storages and Windows Certificate storage on Windows. For browsers that don't support Java applets SecureBlackbox allows to use the applet via Java Web Start, as an external "application".
You will probably need to re-create this complete scheme, however it's a big trick to calculate the hash on the server and pass it to the client for signing and then embed the signature back to the document.
It would probably be easier to transfer the complete document to the client and have a Java applet that will sign that document using iText or Java edition of our SecureBlackbox and then upload the document back to the server.
回答2:
The flow diagram by @Eugene Mayevski 'Allied Bits is a very good representation of signing process from browser, Older methods being java applets, Active X, etc which are phased out or are being phased out from the new Modern Browser offerings.
https://www.java.com/en/download/faq/chrome.xml
The Java Plugin for web browsers relies on the cross-platform plugin architecture NPAPI, which had been supported by all major web browsers for over a decade. Google's Chrome version 45 and above have dropped support for NPAPI, and therefore Java Plugin do not work on these browsers anymore.
I am bit late, but writing this post hoping the answer would be helpful for someone still looking for browser extension to sign PDF from USB token and MODERN Browser.
Please refer to my answer in this stackoverflow post to check JavaScript and Signer.Digital Browser extension usages.
Java or .NET Digital Signing component by Signer.Digital or any provider may be used to digitally sign PDF from Browser USB token.
For PHP, Java component may be used through JavaBridge running on Tomcat through Apache proxy to digitally sign PDF from Browser USB token and PHP on server side.
Hope this helps!
来源:https://stackoverflow.com/questions/10656100/signing-pdfs-on-a-server-document-using-a-signature-from-the-user