使用JavaScript在浏览器的密钥库中访问签名/加密 - 示例代码? (WebCryptoAPI) [英] Accessing signing/encryption in a browser's Keystore using JavaScript - sample code? (WebCryptoAPI)
问题描述
我有一个Web服务器,只允许使用X509身份验证进行访问。奇迹般有效。现在我想将X509证书(存储在用户的浏览器密钥库中)的使用扩展到
I have a web server that allows access only using X509 authentication. Works like a charm. Now I want to extend the use of the X509 certificates (which are stored in the user's browser keystore) to
- 在发送数据之前对其进行签名到服务器(使用JavaScript和HTTPPost)
- 解密从服务器读取的数据(使用存储在那里的用户公钥加密)
我发现这个例子正在 RSA签名非常接近....只有它从HTML textarea获取密钥。我想从密钥库中读取它。现在加密非常不稳定:
I found this example doing RSA Signature which is pretty close.... only it does take the key from a HTML textarea. I want to read it from the key store. Now crypto is quite in flux:
- Mozilla
- w3C
- Internet Explorer 11++
- Chome and Chromium
我正在寻找签名和加密的一些工作示例(我有一些用Java,但不是基于浏览器的JavaScript)。
I'm looking for some working examples for signature and encryption (I have some in Java, but not browser based JavaScript).
非常感谢帮助
推荐答案
到目前为止W3C的WebCrypto标准是在窗口内指定一个javascript对象 crypto 来执行加密,数字签名,生成密钥等等JavaScript的。但是,访问本地密钥库以执行具有客户端密钥的签名等操作的标准方法尚未定义。所以现在javascript中没有一种常见的方法,每个浏览器都有自己的方式;在IE中你可以使用 ActiveXObject(CAPICOM.Store); ,使用firefox使用 window.crypto.signText(textToSign,问); (似乎现在已经弃用了,看看这里,实际api似乎不支持它:这里有更多信息),对于chrome我不确定是否使用 NativeSDK客户端可能是一种可能的方式。
By the moment the W3C's WebCrypto standard is specifying a javascript object crypto inside window to perform encryption, digital-signatures, generate keys and so on with javascript. However a standard way to access the local keystore to perform operations like signatures with client keys it's not defined. So nowadays there isn't a common way to do so in javascript, each browsers has it's own way; In IE you can do it with ActiveXObject("CAPICOM.Store");, with firefox using window.crypto.signText("textToSign", "ask"); (seems that now its deprecated, take a look here, actual api seems that doesn't support it: more info here), for chrome I'm not sure however using NativeSDK Client could be a possible way.
其他可能性也在使用这个技术目前存在的所有问题的Java小程序。
Other possibility is also using java applets with all problems this technology has these days.
还有一个在github上的项目,它封装了javascript中使用具有两种实现的公共对象进行签名的行为(仅限IE和firefox),我在几个月前尝试并使用IE / Firefox正常工作,现在使用firefox无法正常工作,因为api选项已被弃用,如果您好奇,请查看: Glamdring / js-signer
There is also a project on github which encapsulates in javascript the behavior to sign (only with IE and firefox) using a common object which has the both implementations, I try it months before and work correctly with IE/Firefox, now with firefox doesn't work because the api options are deprecated, if you're curious take a look at: Glamdring/js-signer
您也可以在我问类似问题的地方查看我的问题:带操作系统密钥库的chrome上的js签名
You can also check my question where I asked similar question: js signature on chrome with OS keystore
希望这有帮助,
这篇关于使用JavaScript在浏览器的密钥库中访问签名/加密 - 示例代码? (WebCryptoAPI)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
