2

I am working on a cloud-based solution and I would like to encrypt / decrypt the data locally using either a SmartCard or a local Machine certificate. I'm hoping to do this in JavaScript, but may resort to Silverlight, ActiveX, or Flash (in order of preference).

My idea is to use this in conjunction with broadcast encryption to allow for concurrent access to encrypted data in the cloud.

Is there an API common among smartcard vendors that exposes itself to the browser? (marked safe for scripting)

Is there any chance of creating a cross platform solution?

makerofthings7
It may be worth looking at [WebID](http://webid.info/). You may not need the social network and profile part, but it shows how the key handling can be done. It supports smartcards. – Hendrik Brummermann Oct 08 '11 at 22:50

2 Answers

2

All major browsers support client SSL certificates for authentication of SSL/TLS tunnels.

However, doing any crypto directly in JavaScript is a bad idea and, as such, the browsers do not allow any access to the certificates at all (in fact, they won't even give us extension APIs to implement Firefox extensions like Perspectives, Convergence and Certificate Patrol without some very ugly hacks and including our own implementations).

If you want to just use the browser implementation as is, then you are fine: you just send a command over ordinary HTTPS to tell it to generate a client certificate, or have your users import the certificate file into the browser, and make sure the server sends the optional "please send client cert" request in the TLS/SSL handshake. Of course, this does not allow local encryption.

ewanm89
0

With modern browsers, you may achieve the same in JavaScript using browser extensions. My company provides such a free extension, the Signer.Digital Browser Extension, on Windows and Linux for Chrome, Edge and Firefox.

Windows Host may be downloaded from https://signer.digital/downloads/Signer.Digital.Browser.Extension.Setup.msi

On Windows, we don't need PKCS#11 but use the Windows CSP. Thus, the USB token driver just needs to be installed on the Windows client device for this to work from the web browser; no further configuration is required.

RSA Encrypt: (Using private key of user)

SignerDigital.encryptB64Data(b64Data, useOAEPPadding, certThumbPrint = "", showExpired = false, keyUsageFilter = 32)

RSA Decrypt: (Using private key of user)

SignerDigital.decryptB64Data(b64Data, useOAEPPadding, certThumbPrint = "", showExpired = false, keyUsageFilter = 32)

I have also given code examples in this SO answer.

Bharat Vasant