User Authentication from Browser using Digital Sig

Posted 2020-01-23 04:56

I would like to know JavaScript code for user authentication from browser with digital signature on client’s USB Token or Smart Card. But I don’t understand how to digitally sign login request, say authtoken, or UserID and Password from browser using USB Token. I need a popup on browser to select certificate from USB Token. My users have USB tokens of various makes and respective drivers installed on their PC.

I need a solution where the user doesn't have to select the token driver.

1 answer
我想做一个坏孩纸
Post #2 · 2020-01-23 05:45

Methods like Java applets, ActiveX, etc. are being phased out of the new modern browser offerings. Recently there has been much talk about the WebCrypto API, but as of now the WebCrypto API does not provide access to (Windows) or any other key stores or local crypto USB/smartcard devices.

For authentication from the browser using a digital signature, one such free Chrome extension available is the Signer.Digital Chrome extension. The local system setup (the host running behind the Chrome browser on Windows) may be downloaded from https://signer.digital/downloads/Signer.Digital.Chrome.Host.Setup.zip. Installing this host and restarting Chrome will automatically add the Signer.Digital Chrome Extension.

The actual working of this extension is illustrated here

Testing Steps:

  1. Install Device Drivers for your USB Token or Smart Card - This should make your certificate appear in the Windows Certificate Store

  2. Install setup indicated above.

  3. Restart Chrome Browser.

  4. Open this link

  5. Put UserID & Password and click Register button – this will ask to select Digital Signature and register it on server (For this session only – not permanent).

  6. Then again put same UserID and Password and select same Certificate and click Login. Selecting different certificate will not allow login.

JavaScript to call methods from the extension:

To Register Certificate on Server:

    // Get selected certificate information
    SignerDigital.getSelectedCertificate()
        .then(
            function (CertInfo) {
                // Success returns Certificate Subject and Thumbprint
            },
            function (errmsg) {
                // Send errmsg to server or display the result in browser.
            }
        );

To authenticate or Login using Digital Signature:

    SignerDigital.signAuthToken(authToken, "SHA-256")   // or "SHA256"
        .then(
            function (SignData) {
                // Success returns Signed Auth Token
            },
            function (errmsg) {
                // Send errmsg to server or display the result in browser.
            }
        );

To sign PDF:

    // Calculate Sign for the Hash by calling function from Extension SignerDigital
    SignerDigital.signPdfHash(hash, $("#CertThumbPrint").val(), "SHA-256")   // or "SHA256"
        .then(
            function (signDataResp) {
                // Send signDataResp to Server
            },
            function (errmsg) {
                // Send errmsg to server or display the result in browser.
            }
        );

If Failed: returns error msg starting with "SDHost Error:"

User Authentication from Browser

Web Authentication using Digital Signature
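
The server side of the register/login flow described in the answer, as an added Node.js example that is not part of the original answer and is not Signer.Digital's own code. It assumes the signed auth token is a base64 RSA PKCS#1 v1.5 / SHA-256 signature over the token string (the page does not state the format) and that the server kept the certificate's public key at registration; the function names and the locally generated key pair standing in for the USB token are hypothetical.

```javascript
// Added example: server-side half of the register/login flow (Node.js).
// Assumption: the signed auth token is a base64 RSA PKCS#1 v1.5 / SHA-256
// signature over the token string; the page does not state the format.
const crypto = require("node:crypto");

const registered = new Map(); // userId -> public key (PEM) captured at registration
const pending = new Map();    // userId -> outstanding single-use authToken

function register(userId, publicKeyPem) {
  registered.set(userId, publicKeyPem);
}

// Server issues a fresh random token for every login attempt.
function issueAuthToken(userId) {
  const token = crypto.randomBytes(32).toString("hex");
  pending.set(userId, token);
  return token;
}

// Verify the signature over the token the server itself issued, then burn it.
function verifyLogin(userId, signatureB64) {
  const token = pending.get(userId);
  const key = registered.get(userId);
  pending.delete(userId); // single use: a replayed signature finds no token
  if (!token || !key) return false;
  return crypto.verify("sha256", Buffer.from(token), key,
                       Buffer.from(signatureB64, "base64"));
}

// Constructed stand-in for the USB token: a locally generated key pair.
function makeToken() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  return {
    publicKeyPem: publicKey.export({ type: "spki", format: "pem" }),
    sign: (t) => crypto.sign("sha256", Buffer.from(t), privateKey).toString("base64"),
  };
}

function demo() {
  const alice = makeToken(), other = makeToken();
  register("alice", alice.publicKeyPem);
  const sig = alice.sign(issueAuthToken("alice"));
  const ok = verifyLogin("alice", sig);
  const replay = verifyLogin("alice", sig);   // token already consumed
  issueAuthToken("alice");
  const stale = verifyLogin("alice", sig);    // old signature, new token
  const wrongCert = verifyLogin("alice", other.sign(issueAuthToken("alice")));
  return { ok, replay, stale, wrongCert };
}
console.log(demo());
```

Only the first login succeeds; the replayed signature, the signature over an earlier token and the signature made with a different key are all rejected.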
