带有OS密钥库的chrome上的js签名 [英] js signature on chrome with OS keystore
问题描述
http://www.w3.org/TR/WebCryptoAPI/ 来定义一种从javascript生成数字签名,加密等的方法。基本上在对象中的窗口中定义了一个新对象 crypto DOM 它必须提供具有签名和加密功能的javascript。 Chrome开始实现这个对象,该对象目前在其JavaScript引擎中可用(我认为处于测试阶段),我尝试使用它来生成一些签名,似乎正常工作,但我认为最有用的方式来生成数字签名这个新对象使用OS密钥库中的私钥代替自动生成密钥材料,但此工作草案中未涵盖此访问权限。
我工作了一年用一个签名小程序来处理操作系统密钥库(MS,Firefox KS,MAC OS X),但是我想直接用javascript做,如果有可能避免applet最后一天产生的所有问题......新的安全性重新定义,新的MANIFEST .MF属性,浏览器阻塞插件等等,这些都是真正的痛苦!
所以我正在寻找一种JavaScript方式来这样做,似乎所有主流浏览器都将他自己的方式:
-
在Internet Explorer中有一个ActiveXObject可以访问windows keystor e:
//实例化CAPICOM对象
var store = new ActiveXObject(CAPICOM.Store);
store.Open(CAPICOM_CURRENT_USER_STORE,My,CAPICOM_STORE_OPEN_READ_ONLY);
...
-
访问firefox Keystore看起来像firefox添加了一个 signText 方法位于 window.crypto (更多关于firefox webCryptoAPI实现的信息 here 以及专有实现 here ):
window.crypto.signText(textToSign,请求);
编辑:这个firefox方法从版本开始被弃用34因为它不是一个标准: https://developer.mozilla.org/ en-US / docs / Archive / Mozilla / JavaScript_crypto
然而,在chrome看来,目前并不存在任何相同的事情。
所以任何人都知道如何在Chrome中实现这一点?
任何人都知道在所有浏览器中通用的js方法吗?任何建议给我正确的方向将不胜感激。
谢谢!
解决方案您需要编写能够访问MS Crypto Store并执行加密操作的活动组件。它可以是使用 NativeClient SDK 的Java applet或Chrome浏览器扩展。 Java applet将运行在MSIE,Firefox,Chrome和大多数其他浏览器中,但需要在客户端计算机上安装JRE(Java运行时环境)。
W3C is working on a http://www.w3.org/TR/WebCryptoAPI/ to define a way to generate digital signatures, encrypton and so on from javascript. Basically defines a new object crypto inside a window object in DOM which must provide javascript with signature and encrypton features. Chrome starts to implement this object which is currently available in its javascript engine (I think in beta stage), I make some tries to generate some signatures with it an seems to work correctly, however I think the most util way to generate digital signatures with this new object is using the private keys in the OS keystore instead to autogenerated key material but this access is not covered in this working draft.
I'm work for a years with a signature applet to deal with OS keystore (MS, Firefox KS, MAC OS X) but I want to do directly in javascript if it's possible to avoid all the problems which applet produces last days... new oracle security requeriments, new MANIFEST.MF attributes, browser blocking plugins and so on which are a real pain!
So I'm looking a javascript way to do so and seems that all major browser take his own way:
In internet explorer there is an ActiveXObject to access the windows keystore:
// instantiate the CAPICOM objects
var store = new ActiveXObject("CAPICOM.Store");
store.Open(CAPICOM_CURRENT_USER_STORE, "My", CAPICOM_STORE_OPEN_READ_ONLY);
...
To access firefox Keystore seems that firefox add a signText method in window.crypto (more info about firefox webCryptoAPI implementation here and about the proprietary implementation here ):
window.crypto.signText("textToSign", "ask");
EDIT: This firefox method it's deprecated since version 34 because it's not an standard: https://developer.mozilla.org/en-US/docs/Archive/Mozilla/JavaScript_crypto
However on chrome seems that currently doesn't exists nothing to do the same.
So Anyone knows how can achieve this in Chrome?
Anyone knows a common js way to do so in all the browsers? Any advice to give me in the right direction will be appreciated.
Thanks!
解决方案 You need to write active component that will access MS Crypto Store and peform cryptographic operation. It can be either Java applet or Chrome browser extension utilizing NativeClient SDK. Java applet will run in MSIE, Firefox, Chrome and most other browsers but requires JRE (Java runtime environment) installed on the client computer.
这篇关于带有OS密钥库的chrome上的js签名的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
