如何使用JavaScript形式的浏览器和用户的USB令牌对GST返回或eReturn进行数字签名?我可以使用WebCrypto API吗? [英] How to Digitally Sign GST Return or eReturn using JavaScript form Browser and USB Token of user? Can I use WebCrypto API?

问题描述

正在寻找使用USB令牌从浏览器中签署GST或所得税电子申报表的Javascript代码.

解决方案

最近，有关WebCrypto API的讨论很多，但截至目前，WebCrypto API尚不提供对(Windows)或任何其他密钥存储区或本地加密USB/的访问权限.智能卡设备.较旧的方法是Java applet，Active X等，这些方法已被淘汰或正在从Modern Browser产品中淘汰.

大多数Web应用程序都需要使用用户本地计算机的密钥存储区，USB令牌或智能卡从用户的浏览器进行数字签名pdf文档，文件，eReturns(XML或JSON)等.

在大多数签名方案中，出于保护服务器边界内数据的要求，也不建议将完整的pdf文件或数据发送到浏览器或签名API服务器.

因此，优良作法是通过浏览器扩展使用JavaScript来访问在本地系统上运行的某些应用程序，以访问本地KeyStore并生成签名，并将签名(如果是PDF签名，则发送回PKCS7或CMS容器)到服务器，在该服务器上签名可能会被注入回PDF或eReturn，从中创建哈希以进行签名并将其发送到浏览器.

对于基于浏览器的签名方案，Signer.Digital chrome扩展程序是一种可用的免费Chrome扩展程序.可以从 Signer.Digital Chrome扩展程序

此扩展的实际工作在此处进行了说明，并提供了指向完整代码的链接-完整的C#源代码.

使用Signer.Digital扩展示例JavaScript和服务器端伪代码代码来签署GST返回

function getSignature(hash){
       //Sign GSTR Return Hash using Signer.Digital Chrome Extension
       //This method returns CMS (PKCS7) Signature
       SignerDigital.signGstHash(hash)
    .then(function(signature){
           //send signature to return filing server
       },function(error){
           //send error to server and/or report error to user
       });
   }

//For Income Tax Return signing use method:
//This method returns SHA256 Signature
SignerDigital.signITHash(hash, PAN)

文件GSTR3B的服务器端伪代码示例如下:

1. 用户单击了浏览器上的FileReturn按钮.
2. 调用方法下载GSTR3B返回摘要-ApiAction"RETSUM"
3. 调用方法从上面的步骤2计算出ResponsePayload的哈希值.
4. 在上述步骤中发送哈希进行签名，其中上述JavaScript方法将使用SigherDigital Extension方法获得GSTR返回哈希签名.
5. 将签名(如上面的JavaScript中所示)返回给Web应用程序服务器，该Web应用程序服务器将继续对GSTN服务器进行GSTR3B Filing API调用.

如果您正在使用 TaxProGST.API 免费库来归档GSTR3B伪代码如下所示:

1. 用户单击了浏览器上的FileReturn按钮.
2. 调用方法GSTR3BAPI.GetGstr3BDataSchedulePayloadAsync –下载GSTR3B返回摘要-ApiAction"RETSUM"
3. 调用方法GSTR3BAPI.ComputeReturn3BHash(上述步骤2中的ResponsePayload)
4. 在上述步骤中发送哈希进行签名，其中上述JavaScript方法将使用SigherDigital Extension方法获得GSTR返回哈希签名.
5. 将签名(如上面的JavaScript中所示)返回到Web应用程序服务器
6. 服务器应用程序将使用方法GSTR3BAPI.FileReturn3BFromBrowser继续对GSTN服务器进行GSTR3B归档API调用

Looking for Javascript code to sign GST or Income Tax eReturns from Browser using USB Token.

解决方案

Recently much is being talked about WebCrypto API but as of now, WebCrypto API does not provide access to (Windows) or any other Key stores or local crypto USB/Smartcard device. Older methods being java applets, Active X, etc which are phased out or are being phased out from the Modern Browser offerings.

Most of the web applications require Digital Signing pdf documents, files, eReturns (XML or JSON) etc, from user’s Browser using user’s local machine Key-store, USB Token or Smartcard.

Also in most of the signing scenarios, for requirement to protect data within the server boundaries, it’s not recommended to send complete pdf file or data to browser or to signing API server.

Thus, its good practice, to use JavaScript through browser extension to access some application running on local system to access local KeyStore and produce the signature and send back (PKCS7 or CMS container in case of PDF signing) to server where the signature may be injected back to PDF or eReturn from which hash was created for signing and was sent to browser.

For browser based signing scenarios, one such free Chrome extension available is Signer.Digital chrome extension. Local system (host running behind the chrome browser on windows) may be downloaded from https://download.cnet.com/Signer-Digital-Chrome-Extension/3000-33362_4-78042540.html Installing this host and restarting Chrome will automatically add Signer.Digital Chrome Extension

The actual working of this extension is illustrated here along with link to complete code walk-through and complete C# source code.

Sample JavaScript and Server side pseudocode code to sign GST return using Signer.Digital Extension:

function getSignature(hash){
       //Sign GSTR Return Hash using Signer.Digital Chrome Extension
       //This method returns CMS (PKCS7) Signature
       SignerDigital.signGstHash(hash)
    .then(function(signature){
           //send signature to return filing server
       },function(error){
           //send error to server and/or report error to user
       });
   }

//For Income Tax Return signing use method:
//This method returns SHA256 Signature
SignerDigital.signITHash(hash, PAN)

Server side pseudocode example to file GSTR3B would be as below:

1. User clicked FileReturn button on Browser.
2. Call method to download GSTR3B Return summary - ApiAction "RETSUM"
3. Call method compute hash of ResponsePayload from step 2 above.
4. Send Hash in above step for signing, where above JavaScript method will get GSTR return hash signed using SigherDigital Extension method.
5. Return signature (as shown in JavaScript above) to Web application server which will proceed with GSTR3B Filing API call to GSTN server.

If you are using TaxProGST.API free library to file GSTR3B pseudocode would be as below:

1. User clicked FileReturn button on Browser.
2. Call method GSTR3BAPI.GetGstr3BDataSchedulePayloadAsync – to download GSTR3B Return summary - ApiAction "RETSUM"
3. Call method GSTR3BAPI.ComputeReturn3BHash(ResponsePayload from step 2 above)
4. Send Hash in above step for signing, where above JavaScript method will get GSTR return hash signed using SigherDigital Extension method.
5. Return signature (as shown in JavaScript above) to Web application server
6. Server application will proceed with GSTR3B Filing API call to GSTN server using method GSTR3BAPI.FileReturn3BFromBrowser

这篇关于如何使用JavaScript形式的浏览器和用户的USB令牌对GST返回或eReturn进行数字签名?我可以使用WebCrypto API吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！