通过浏览器访问ePass2003 Auto令牌 [英] Accessing ePass2003 Auto token through browser

问题描述

我的ePass2003 Auto令牌已加载有自签名证书.我将lib **.so文件加载到firefox中，现在firefox可以在令牌中列出证书了.我的要求是访问密钥库以进行签名，加密和解密，即使用公钥和私钥对它们进行加密操作.我可以要求进行上述加密操作的javascript API指南.

I have got ePass2003 Auto token loaded with self signed certificate. I got lib**.so file to load into firefox and now firefox can list the certificate in token. My requirement is to access the keystore for signing, encryption and decryption i.e public and private key for cryptographic operation on them. May i request guidance on javascript API for doing above cryptographic operation.

推荐答案

披露:我为CISPL工作

Disclosure: I work for CISPL

要访问ePass2003或任何智能卡或加密USB令牌，您需要使用浏览器扩展.据我所知，浏览器可能使用来自加密设备的密钥进行TLS握手.我公司提供了这样的扩展名 Signer.Digital Browser Extension . Chrome 和

To access ePass2003 or any Smartcard or Cryptographic USB Token, you need to use Browser Extension. As far as I know, browsers may use the keys from crypto device for TLS handshake. My company provides such extension Signer.Digital Browser Extension. Chrome and Firefox

Windows主机可以从 https://signer.digital下载. /downloads/Signer.Digital.Browser.Extension.Setup.msi

Windows Host may be downloaded from https://signer.digital/downloads/Signer.Digital.Browser.Extension.Setup.msi

在Windows上，我们不需要PKCS#11，但是我们使用Windows CSP.因此，必须在Windows客户端设备上安装USB令牌驱动程序，才能从Web浏览器工作. lib **.so文件不适用于Windows，但适用于Linux.

On windows, we don't need PKCS#11 but we use Windows CSP. Thus, USB token driver must be installed on Windows client device for this to work from web browser. lib**.so file is not for Windows but it's for Linux.

Linux主机使用此.so文件和PKCS#11来完成任务，但这对ePass2003用户而言是透明的，并且主机应用程序负责此工作.

Linux host uses this .so file and PKCS#11 to accomplish the task but this is transparent to ePass2003 users and Host application takes care of this.

我的要求是访问用于签名，加密和解密的密钥库，即用于对其进行加密操作的公钥和私钥.我可以要求进行上述加密操作的javascript API指南.

My requirement is to access the keystore for signing, encryption and decryption i.e public and private key for cryptographic operation on them. May i request guidance on javascript API for doing above cryptographic operation.

我正在列出javascript API(Signer.Digital版本1.6.3)提供:

I am listing the javascript API (Signer.Digital Version 1.6.3) provides:

1. 选择证书:.这将打开弹出窗口以选择证书.可以提供certThumbPrint参数，以静默方式选择证书.

1. Select Certificate: This will open popup window to select certificate. certThumbPrint paramater may be provided to select certificate silently.

SignerDigital.getSelectedCertificate(certThumbPrint = "")

1. 签名哈希:

SignerDigital.signHash = function(hash, certAlgorithm, certThumbPrint = "")

1. 签名验证码/数据:计算数据的哈希值，然后对哈希值进行签名.

1. Sign Authtoken / Data: calculate hash of data and then sign hash.

SignerDigital.signAuthToken = function(authtoken, certAlgorithm, certThumbPrint = "") certAlgorithm具有必须使用的算法.例如:"SHA256"或"SHA-256"

SignerDigital.signAuthToken = function(authtoken, certAlgorithm, certThumbPrint = "") certAlgorithm is hasing algorithm to be used. ex: "SHA256" or "SHA-256"

1. 签名PDF :-返回PKCS7签名容器

SignerDigital.signPdfHash = function(hash, certThumbPrint, certAlgorithm)

1. 签名XML:

SignerDigital.signXML = function(xmlDoc, xmlSignParms, certThumbPrint)

1. RSA加密:(使用用户的私钥)

1. RSA Encrypt: (Using private key of user)

SignerDigital.encryptB64Data = function(b64Data, useOAEPPadding, certThumbPrint = "")

示例:

var strToEnc = "Clear Text String to Encrypt.";
var strB64Data = btoa(strToEnc);
console.log("Base64 String of Clear Text String: " + strB64Data);

//Do not provide last parm - certThumbPrint to open dialog to select certificate.
SignerDigital.encryptB64Data(strB64Data, false, "224D7F695ABF0E22EA8D314497F5B56AEFA96FFE") //false for PKCS1 padding, true for OAEP padding
  .then(
    function(EncryptedB64String) { //Success returns xmlSign
      console.log("Encrypted Base64 String: " + EncryptedB64String);
      console.log("Encrypted String: " + atob(EncryptedB64String));
    },
    function(ErrMsg) {
      console.log(ErrMsg);
    }
  )

1. RSA解密:(使用用户的私钥)

1. RSA Decrypt: (Using private key of user)

SignerDigital.decryptB64Data = function(b64Data, useOAEPPadding, certThumbPrint = "")

示例:

console.log("Encrypted B64 string from server: " + EncB64String);
SignerDigital.decryptB64Data(EncB64String, false, "224D7F695ABF0E22EA8D314497F5B56AEFA96FFE")
  .then(
    function(DecryptedB64String) { //Success returns xmlSign
      console.log("Decrypted Base64 String: " + DecryptedB64String);
      console.log("Decrypted String: " + atob(DecryptedB64String));
    },
    function(ErrMsg) {
      console.log(ErrMsg);
    }
  )
},
error: function(msg) {
  console.debug(msg);
}

1. 签署IT/eTDS回报:(签署印度所得税/eTDS回报-与signHash方法相同，除了其他可选参数:PAN)

1. Sign IT/eTDS Return: (Sign Indian Income Tax/eTDS Return - Same as signHash method, except additional optional param: PAN)

SignerDigital.signITHash = function(hash, PAN, certThumbPrint = "")

传递PAN空白以打开选择证书"对话框.如果PAN为非空，并且存在PAN的证书，则将以静默方式选择证书.

Pass PAN blank to open Select Certificate Dialog. If PAN is nonempty, and certificate for PAN is present, will silently select certerficate.

1. 签署CMS:(签署印度GST退货)

1. Sign CMS: (Sign Indian GST Return)

SignerDigital.signGstHash = function(hash, certThumbPrint = "")

1. 签署IceGate数据:(签署IceGate-印度海关数据-Json，文本，XML)

1. Sign IceGate Data: (Sign IceGate - Indian Customs Data - Json, text, XML)

SignerDigital.signIceGate = function(b64Data, certThumbPrint = "")

可以在 https://web.signer.digital/<下测试PDF签名和基于数字签名的身份验证的工作. /a>

Working of PDF Signing and Digital Signature based Authentication may be tested at https://web.signer.digital/

这篇关于通过浏览器访问ePass2003 Auto令牌的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！