User Authentication from Browser using Digital Signature Certificate on USB Token or Smart Card


Problem description

I would like to know JavaScript code for user authentication from the browser with a digital signature on the client's USB Token or Smart Card. But I don't understand how to digitally sign a login request, say authtoken, or UserID and Password, from the browser using a USB Token. I need a popup in the browser to select a certificate from the USB Token. My users have USB tokens of various makes and the respective drivers installed on their PCs.

I need a solution where the user doesn't have to select the token driver.

Solution

Methods like Java applets, ActiveX, etc. are being phased out from the new modern browser offerings. Recently much is being talked about the WebCrypto API, but as of now the WebCrypto API does not provide access to (Windows) or any other key stores or local crypto USB/smart card devices.

For authentication from the browser using a digital signature, one such free Chrome extension available is the Signer.Digital Chrome extension. The local system setup (a host running behind the Chrome browser on Windows) may be downloaded from https://signer.digital/downloads/Signer.Digital.Chrome.Host.Setup.zip. Installing this host and restarting Chrome will automatically add the Signer.Digital Chrome Extension.

The actual working of this extension is illustrated here

Testing Steps:

  1. Install the device drivers for your USB Token or Smart Card. This should make your certificate appear in the Windows Certificate Store.

  2. Install setup indicated above.

  3. Restart Chrome Browser.

  4. Open this link

  5. Put UserID & Password and click Register button – this will ask to select Digital Signature and register it on server (For this session only – not permanent).

  6. Then again put same UserID and Password and select same Certificate and click Login. Selecting different certificate will not allow login.

Javascript to call method from extension:

To Register Certificate on Server:

    // Get selected certificate information
    SignerDigital.getSelectedCertificate()
        .then(
            function (CertInfo) {
                // Success returns Certificate Subject and Thumbprint
            },
            function (errmsg) {
                // Send errmsg to server or display the result in browser.
            }
        );

To authenticate or Login using Digital Signature:

    SignerDigital.signAuthToken(authToken, "SHA-256")       // or "SHA256"
        .then(
            function (SignData) {
                // Success returns Signed Auth Token
            },
            function (errmsg) {
                // Send errmsg to server or display the result in browser.
            }
        );

To sign PDF:

    // Calculate the signature for the hash by calling the function from the SignerDigital extension
    SignerDigital.signPdfHash(hash, $("#CertThumbPrint").val(), "SHA-256")      // or "SHA256"
        .then(
            function (signDataResp) {
                // Send signDataResp to server
            },
            function (errmsg) {
                // Send errmsg to server or display the result in browser.
            }
        );

If Failed: returns error msg starting with "SDHost Error:"
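
The answer covers only the browser calls; the server still has to issue the auth token and check the signature that comes back. The following Node.js code is an added example, not code from the answer or from Signer.Digital. It assumes `signAuthToken` returns a base64 RSA PKCS#1 v1.5 / SHA-256 signature over the token's UTF-8 bytes; `registerKey`, `issueChallenge`, `verifyLogin` and `makeTestToken` are hypothetical names, and a software key pair stands in for the USB token.

```javascript
// Added example (not Signer.Digital code): server-side check of a signed auth token.
const crypto = require("crypto");

const CHALLENGE_TTL_MS = 60000;
const registered = new Map();   // userId -> public key (PEM) registered for that user
const challenges = new Map();   // userId -> { token, expires }

// Registration step: remember which key the user selected.
function registerKey(userId, publicKeyPem) {
  registered.set(userId, publicKeyPem);
}

// Issue a fresh random auth token; the browser passes it to signAuthToken().
function issueChallenge(userId, now = Date.now()) {
  const token = crypto.randomBytes(32).toString("base64");
  challenges.set(userId, { token, expires: now + CHALLENGE_TTL_MS });
  return token;
}

// Assumption: signatureB64 is a base64 RSA PKCS#1 v1.5 / SHA-256 signature
// over the UTF-8 bytes of the issued token.
function verifyLogin(userId, signatureB64, now = Date.now()) {
  const challenge = challenges.get(userId);
  challenges.delete(userId);                 // single use, whether it passes or fails
  const publicKeyPem = registered.get(userId);
  if (!challenge || !publicKeyPem) return "no-challenge-or-key";
  if (now > challenge.expires) return "expired";
  const ok = crypto.verify(
    "sha256",
    Buffer.from(challenge.token, "utf8"),
    publicKeyPem,
    Buffer.from(signatureB64, "base64")
  );
  return ok ? "ok" : "bad-signature";
}

// Constructed stand-in for the USB token: a software key pair signs the token.
function makeTestToken() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  return {
    publicKeyPem: publicKey.export({ type: "spki", format: "pem" }),
    sign: (token) =>
      crypto.sign("sha256", Buffer.from(token, "utf8"), privateKey).toString("base64"),
  };
}
```

Because the token is random, short-lived and deleted on first use, a captured signature cannot be replayed, and a signature made with any key other than the registered one is rejected.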
