/ Web Dev Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Digital Signatures with JavaScript

DZone's Guide to

Digital Signatures with JavaScript

by
Bozhidar Bozhanov
·
Feb. 05, 14 · Web Dev Zone
Free Resource

Comment (1)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Tips, tricks and tools for creating your own data-driven app, brought to you in partnership with Qlik.

Several years ago I used to work on a project that required the use of smart cards and digital signatures. I’ve already shared my experience with signing with javascript and then verifying the signature on the server side (with Java).

What I did today is to simply get the javascript, tidy it up and put it on GitHub (js-signer), so that people don’t need to copy-paste from a blogpost, and also to be able to update the project whenever there are new developments (for example Chrome and Safari implement DOMCrypt)

What are the use-cases of that? Electronic identification most often makes use of smart cards. And so software that requires to identify a citizen securely (most often banking or government software) and let him perform some actions online, needs to read the smartcards certificate details and to digitally sign content – e.g. you digitally sign your bank transfer, or you sign your request for a government service.

There are several ways to do that – e.g. Java Applet (like this one) or a custom-made ActiveX control. And while the applet and ActiveX is fine for internal use in organizations, where you can be sure that there’s Java installed or that everyone is using IE, these solutions are not so great for the mass public, because making the user install something is a bad user experience, and luckily not everyone is using IE. So a javascript solution must exist. Of course, the preconditions are, that the user has a digital signature, issued by a CA, and has followed the CA’s manual for installing the certificate in a browser. If these steps are not completed successfully, js-signer wouldn’t work.

Unfortunately, there’s no unified javascript solution. IE comes with CAPICOM, and Firefox has window.crypto. Safari and Chrome are waiting for a standard from W3C (DOMCrypt) before they implement window.crypto. That’s why js-signer currently supports only IE and FF, and the UX is a bit different with them.

I hope that more governments will go for electronic governance and use digital IDs (note: with the so called “anonymous credentials”, in order to ensure the privacy of citizens), and that browsers will follow and make it possible to handle smartcards without any hassle and without the need for 3rd party software.

Explore data-driven apps with less coding and query writing, brought to you in partnership with Qlik.

Like This Article? Read More From DZone

Angular JS: Conditional Enable/Disable Checkboxes
AngularJS: Resolving data services before instantiating the Controller and Template
Ext JS 4 CRUD example

Free DZone Refcard

Getting Started With Java-Based CMS
DOWNLOAD
Topics:
java ,html5 ,javascript ,tips and tricks ,electronic identification ,digital signatures

Comment (1)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of Bozhidar Bozhanov, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

Web Dev Partner Resources

A Guide to Modern Java Web Development with Crafter CMS
Getting Started with Node.js, Docker, and Kubernetes
Building and Optimizing Multi-Channel Web Experiences
The Lazy Developer's Guide to Authentication with Vue.js
See how top engineering teams are experimenting in any application. Watch a webinar on Optimizely Full Stack.
How to Build Ionic Apps with Secure User Authentication
7 Reasons Why Crafter Should Be On Your Web CMS Shortlist
Find inspiration for your data-driven app ideas with existing Qlik open source projects
Learn how to experiment server-side with Optimizely Full Stack. Watch a six-minute demo today.
Try Qlik Playground: a free programming environment to test the data-driven app of your dreams
See what’s possible — create data-driven apps faster by eliminating query writing
The Node.js ecosystem has done an absolutely fantastic job in providing tools that help speed development workflows and streamline the process of writing and shipping code.

Web Dev Partner Resources

A Guide to Modern Java Web Development with Crafter CMS
Getting Started with Node.js, Docker, and Kubernetes
Building and Optimizing Multi-Channel Web Experiences
The Lazy Developer's Guide to Authentication with Vue.js

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone