Is it possible to create a 100% cloud service to sign documents with a digital certificate?

Viewed 437 times

-1

My idea, well summarized, is to upload a file in the browser, where the browser will ask the user to select the certificate and thus the site will return the signed document.

I read in this topic a way to do it with C# and ASP.NET using iTextSharp, which works inside Visual Studio in debug, but when I put it on the server it doesn’t work, returning the error below:

Message: The current session is not interactive. | Hresult: -2146233079

I understand that it is because, in my code, it tries to open the certificates that are installed locally on the machine, but I would like to use the certificate of the customer who is accessing the site.

I then tried using the code below, since my IIS requires an SSL certificate on the connection in order to be accessed:

// Retrieve the data of the certificate selected by the client during the handshake
var Certificate = Request.ClientCertificate.Certificate;
X509Certificate2 cert = new X509Certificate2(Certificate);

However, when I use the method to sign the document, passing this certificate as a parameter, I get the error:

Message: No private key. | Hresult: -2147024809

Which makes sense, since the private key should not be shared on the internet.

Anyway, everything I read so far indicates that I will have to have at least one plugin installed on the client’s computer, to pick up the private key and make the signature.

Is there any alternative? What would be the best way to do it?

1 answer

0


I also have the same problem. We were using applets, but this solution is horrible for several reasons, the main and most recent being that, as of the Java 9 platform (SDK and JRE), applets have become obsolete, mainly because browser companies like Google and Mozilla decided to discontinue support for NPAPI plugins (Flash, Java, etc.).

Luckily for us, there are many JavaScript solutions that can cover the distance between a smartcard on the client’s computer (or another client device) and the browser. However, the main solution, FireBreath, is written in C++.

You can take a look at the W3C Web Crypto API.

There are recommendations on online document signing to avoid such a form of signature, because when the browser connects to the smartcard reader, it opens some security loopholes.

Some approaches to signing documents with the customer certificate involve creating native applications that run on the device and not in the browser. DigiCert is one example.

I’m still studying solutions, but I already have a starting point.

  • I found another post where they also comment on the Web Crypto API: https://stackoverflow.com/questions/10667840/is-it-possible-to-sign-a-certificate-programmatically-in-a-browser Thanks.
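
An added example, not from the question or the answer: the split this thread arrives at, where the private key stays on the client and the server receives only the signature and the public key, sketched with the Web Crypto API mentioned above. It signs with a key pair generated in the page, because Web Crypto has no access to certificates in the operating system store or on a smartcard; the function names and the sample document are assumptions.

```javascript
// Added example: names and sample data are constructed, not from the thread.
// Runs in a browser and in Node, which exposes the same Web Crypto API.
async function getSubtle() {
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto.subtle;
  return (await import('node:crypto')).webcrypto.subtle;
}

const ALG = { name: 'ECDSA', namedCurve: 'P-256' };
const SIG = { name: 'ECDSA', hash: 'SHA-256' };

// Client side: the key pair is generated as non-extractable, so script
// cannot export the private key. Only signature + public key are sent.
async function clientSign(documentBytes) {
  const subtle = await getSubtle();
  const keys = await subtle.generateKey(ALG, false, ['sign', 'verify']);
  const signature = await subtle.sign(SIG, keys.privateKey, documentBytes);
  const publicJwk = await subtle.exportKey('jwk', keys.publicKey);
  let privateKeyExportable = true;
  try {
    await subtle.exportKey('pkcs8', keys.privateKey);
  } catch {
    privateKeyExportable = false; // expected: export is refused
  }
  return { signature: new Uint8Array(signature), publicJwk, privateKeyExportable };
}

// Server side: verification needs the public key only.
async function serverVerify(documentBytes, signature, publicJwk) {
  const subtle = await getSubtle();
  const key = await subtle.importKey('jwk', publicJwk, ALG, true, ['verify']);
  return subtle.verify(SIG, key, signature, documentBytes);
}

// End-to-end run over a constructed document and a tampered copy.
async function demo() {
  const enc = new TextEncoder();
  const doc = enc.encode('constructed sample document');
  const { signature, publicJwk, privateKeyExportable } = await clientSign(doc);
  const ok = await serverVerify(doc, signature, publicJwk);
  const okTampered = await serverVerify(enc.encode('constructed sample document!'), signature, publicJwk);
  return { ok, okTampered, privateKeyExportable, sigLen: signature.length };
}
```

In a certificate-based deployment the server would additionally validate the certificate that carries the public key before trusting the signature.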
