How to sign the document with a certificate's private key from the browser (CAPICOM alternative)?


Problem description

So, till Windows 7 there was a Microsoft ActiveX component: CAPICOM, which one could call from Javascript and then show the contents of the certificate storage on the client's machine. The client then could choose the appropriate certificate and sign some document with the certificate's private key. That's how the access to the certificate storage looked in Javascript:

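// CAPICOM enumeration values used below (not predefined in JavaScript)
var CAPICOM_CURRENT_USER_STORE = 2;
var CAPICOM_STORE_OPEN_READ_ONLY = 0;
var MyStore = new ActiveXObject("CAPICOM.Store");
var oCertificates = new ActiveXObject("CAPICOM.Certificates");
// attempt to open the personal certificate store
MyStore.Open(CAPICOM_CURRENT_USER_STORE, "My", CAPICOM_STORE_OPEN_READ_ONLY);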

What’s the alternative to using CAPICOM nowadays? I want the client to be able to sign some piece of text with his private key in the browser and then send the signed text with the public key to the server. Is it still possible?

Maybe I could use Java or Silverlight instead of pure JavaScript? What about PKI.js and similar?

Recommended answer

In general, it is currently not possible, due to the lack of browser support for Java or Silverlight.

Chrome has dropped support for NPAPI plugins. Firefox has announced it will discontinue it in 2017, and Edge has no support. Microsoft has deprecated Silverlight, and Oracle has also announced the deprecation of the Java browser plug-in. Only old versions of IE could be used.

JavaScript cryptographic libraries such as PKI.js, forge or the built-in WebCryptographyApi can be used to perform digital signatures, but they do not have access to the operating system keystore, so you cannot access the installed certificates.

Alternatives (Not very encouraging):


  • Use WebCryptographyApi, loading certificates in the browser (not for smartcards)
  • Launch a local application installed on your device and invoke it via a protocol, using an embedded HTTP server, or with the Chrome messaging API
  • Wait patiently for the Key Discovery Api, which will provide WebCrypto with access to the OS keystore
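
Added example (not part of the original answer): the first alternative above, sketched with the Web Cryptography API, signing text in the page and verifying it as the server would. It assumes the server registered the signer's public-key fingerprint beforehand, because a signature checked against whatever key arrives with the message says nothing about who sent it. The function names and the fingerprint registry are hypothetical.

```javascript
// Added example; function names and the fingerprint registry are hypothetical.
// Browsers expose crypto.subtle on HTTPS pages; the fallback is for old Node only.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;
const ALG = { name: "ECDSA", namedCurve: "P-256" };
const SIG = { name: "ECDSA", hash: "SHA-256" };
const b64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const unb64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));
const hex = (buf) =>
  Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, "0")).join("");

// Client: create a key pair in the page. extractable=false keeps the private
// key out of reach of script (the public half can always be exported).
async function createSigner() {
  const pair = await subtle.generateKey(ALG, false, ["sign", "verify"]);
  const spki = await subtle.exportKey("spki", pair.publicKey);
  return {
    privateKey: pair.privateKey,
    publicKey: b64(spki),
    fingerprint: hex(await subtle.digest("SHA-256", spki)),
  };
}

// Client: sign the text and build the message that goes to the server.
async function signText(signer, text) {
  const sig = await subtle.sign(SIG, signer.privateKey, new TextEncoder().encode(text));
  return { text, signature: b64(sig), publicKey: signer.publicKey };
}

// Server: accept the public key only if its fingerprint was registered out of
// band, then verify the signature over the exact bytes of the text.
async function verifyMessage(msg, registeredFingerprints) {
  const spki = unb64(msg.publicKey);
  const fingerprint = hex(await subtle.digest("SHA-256", spki));
  if (!registeredFingerprints.has(fingerprint)) return "untrusted-key";
  const key = await subtle.importKey("spki", spki, ALG, false, ["verify"]);
  const data = new TextEncoder().encode(msg.text);
  const ok = await subtle.verify(SIG, key, unb64(msg.signature), data);
  return ok ? "ok" : "bad-signature";
}
```

The key created here lives in the browser, not in the OS certificate store, which is the limitation the answer describes.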
