A3 Web Application and Token without Local Installations

Viewed 160 times

2

My goal is a web system that serves as a bridge between a government service and the user, abstracting access and data exchange.
The user would access my web system and could perform actions such as sending digitally signed documents (an XML, for example) to a government service.
However, in order to make this submission, the government's web service provides classes with access methods, and these classes have some properties that need to be filled in, such as the property ClientCertificate.Certificate, to which I have to assign an object of type X509Certificate2 containing the customer's certificate.

I managed to do this with A1: the user uploads the A1 file and enters the password, and with the A1 file I can instantiate the X509Certificate2 object and assign it to the respective property in the class responsible for the data connection with the government web service.
I don't know how I would do this with A3, since I couldn't upload the public/private key. I've seen that the browser can access the certificate list on the machine, but I don't know how to instantiate an X509Certificate2 object on the server using this method, nor even whether it is feasible for a web application.

In short, my question is:
Is it possible (or feasible) for a web application to access the local keys and data of an A3 token in order to communicate with a government web service?

Extra questions: How is browser access to the certificates in the user's store done? How would I fill in an X509Certificate2 object?

1 answer

1

Diego, I'm basically going through the same problem. After doing a lot of research, I chose to use only A1 certificates in cloud system cases.

My conclusion was this: if my API or service is running on the server and the A3 certificate is on the client, for each call the client will always have to send me the certificate. With this I limit myself to working only with incoming requests. You could not, for example, add a service that performs a particular operation depending on the certificate on a timer (or some routine; in my case it was for use in the NF-e service for notes addressed to the recipient).

Depending on the need, you can build a desktop (tray icon) system or a Windows service on the client that makes these calls, so you could use the A3 certificate (including entering the password automatically where applicable). However, the timer problem I mentioned above would then be in this app on the client.

I have also used an approach of creating a certificate "server" on the client's local network. It held an A3 certificate and several users issued NF-e through it, so every issuance rule was put into this NF-e communicator.

Working with A1, I leave it saved on the web server, in my case saved in string format in Base64. And I have full autonomy over it.

Well, I didn't solve anything for you (haha), but since we are in the same boat the exchange of experience is worthwhile.

  • 1

    "I didn't solve anything for you" My brother, this report helped a lot and left me much closer to the most practical solution to my problem; thank you so much for sharing your experience. For A1 I do the same thing you do, and it's very smooth. I think that for A3 I'll end up having to make a small Windows Forms application, or something like it, that the client installs locally, and I'll create a communication logic between the server and the application.

  • @Diegopenha you're welcome, partner! If I can help, I'm available. Hug.
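As an added illustration (not code from the question, the answer, or any government client library), the two cases discussed above in C#: loading the A1 PFX that the answer keeps on the web server as a Base64 string, versus locating an A3 certificate, which can only be done through the certificate store on the machine where the token is plugged in (the client-side Windows Forms app or Windows service the thread suggests). The class name CertLoader, the thumbprint and password parameters, and the key-storage flag are assumptions.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not part of the original thread).
static class CertLoader
{
    // A1 case: the server holds the PFX bytes, so it can build the
    // X509Certificate2 itself and assign it to ClientCertificate.Certificate.
    public static X509Certificate2 LoadA1FromBase64(string pfxBase64, string password)
    {
        byte[] pfx = Convert.FromBase64String(pfxBase64);
        // MachineKeySet (assumption): avoids per-user profile key containers when
        // the code runs under a web server service account.
        var cert = new X509Certificate2(pfx, password, X509KeyStorageFlags.MachineKeySet);
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("PFX carries no private key; it cannot sign.");
        if (DateTime.UtcNow > cert.NotAfter.ToUniversalTime())
            throw new InvalidOperationException("A1 certificate has expired.");
        return cert;
    }

    // A3 case: the private key never leaves the token, so this only works in a
    // process on the client machine (the tray app / Windows service), never on
    // the web server. The token driver prompts for the PIN on first private-key use.
    public static X509Certificate2 FindA3InUserStore(string thumbprint)
    {
        using var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        X509Certificate2Collection matches = store.Certificates.Find(
            X509FindType.FindByThumbprint, thumbprint, validOnly: true);
        if (matches.Count == 0)
            throw new InvalidOperationException("Token certificate not found in CurrentUser\\My.");
        var cert = matches[0];
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Certificate has no key; is the token inserted?");
        return cert;
    }
}
```

In the A3 path the object is usable for signing or TLS client authentication only inside that local process, which is why the thread concludes that the server must talk to a client-side component rather than receive the key.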
