Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Example request for signing in the browser and key loading #71

Open
spyhunter99 opened this issue Aug 12, 2018 · 1 comment
Open

Example request for signing in the browser and key loading #71

spyhunter99 opened this issue Aug 12, 2018 · 1 comment

Comments

@spyhunter99
Copy link

Basically, I'd like to be able to digitally sign an xml doc in the browser using a browser supplied certificate. I see the examples for signing using a randomly generated keypair but is it possible to load it from the browser's api?

@rmhrisk
Copy link
Contributor

rmhrisk commented Aug 13, 2018

Sounds like you want to use a certificate that is enrolled locally into the operating system?

The samples here utilize what I have been calling a browser bound certificate, the key pair and certificate being created within the security boundary of the browser.

An application we have made called Hancock uses this concept to enroll for a certificate from a CA and in turn uses that certificate for signing. I explain this to say, mainly for posterity sake, that the samples are not using a randomly generated key pair (though for brevity sake I suppose there may be an example or two of this) but certificates generated within the browser.

I suspect what you are asking is if you can use a certificate and key stored in CryptoAPI, NSS or OSX Crypto. Browsers by design, do not provide a mechanism to escape the security boundaries it providers, this includes giving web applications un-fettered access to cryptographic keys and certificates.

With that said we have built a client you can install that does enable the base scenario I think you are asking about, check out Fortify, here is a post I did about it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants