c# - Best way to sign data in web form with user certificate


We have a C# web app where users will connect using a digital certificate stored in their browsers.

We have seen from the examples that it will be easy to verify their identity when we enable SSL, as we can access the fields in the certificate, using the request's client certificate, to check the name of the client.

We have been requested to sign the data sent by the user (some simple fields and a binary file) so that we can prove, beyond doubt, which user entered each record in our database.

Our first thought was to create a small text signature with the fields (and, if possible, the MD5 of the file) and encrypt it with the private key of the certificate. But...

As far as I know, we cannot access the private key of the certificate to sign the data, and I do not know how to sign the fields in the browser. Is there a method, or do we have no other option than to use a Java applet? And if it is the latter, how do we do it (is there an open source applet that we can use, or would it be better if we wrote one ourselves)?

Of course, it would be better if there is any way to "sign" the fields received on the server, using the data that we can access from the user's certificate. But if not, any information on the best way to solve this problem would be appreciated.

I suggest you use a Java applet. This approach is the same for all browsers. We use it in our projects. You have to use the JCA API to sign the user data. In addition, you have to solve the problem of accessing the Windows certificate store from Java.

You can solve it like this:

    import java.nio.charset.StandardCharsets;
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.Provider;
    import java.security.Signature;
    import java.util.Base64;
    import java.util.Enumeration;
    import java.util.HashMap;

    public class SignWithWindowsStore {
        public static void main(String[] args) throws Exception {
            // Windows "Personal" certificate store, exposed through the SunMSCAPI provider
            KeyStore keystore = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
            keystore.load(null, null);

            HashMap<String, String> userPublicKeys = new HashMap<String, String>();
            Enumeration<String> aliasesEnum = keystore.aliases();
            if (!aliasesEnum.hasMoreElements())
                throw new Exception("No certificate!");

            // list through the Windows personal store
            while (aliasesEnum.hasMoreElements()) {
                String alias = aliasesEnum.nextElement();
                if (!keystore.isKeyEntry(alias))
                    continue; // no private key behind this entry, nothing to sign with

                // java.util.Base64 replaces the removed sun.misc.BASE64Encoder
                userPublicKeys.put(alias, Base64.getEncoder()
                        .encodeToString(keystore.getCertificate(alias).getEncoded()));
                System.out.println("Entry alias: " + alias);

                // sign
                PrivateKey privateKey = (PrivateKey) keystore.getKey(alias, null);
                Provider provider = keystore.getProvider();

                // data to sign
                byte[] data = "test data".getBytes(StandardCharsets.UTF_8);

                // signing the data (SHA1withRSA as posted; SHA256withRSA is the stronger choice)
                Signature sig = Signature.getInstance("SHA1withRSA", provider);
                sig.initSign(privateKey);
                sig.update(data);
                byte[] signature = sig.sign();

                // print the signature as upper-case hex
                StringBuilder hex = new StringBuilder();
                for (byte b : signature) hex.append(String.format("%02X", b));
                System.out.println(hex);
            }
        }
    }
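The server-side counterpart to the signing code above, as an added example that is not part of the original answer: the C# web app rebuilds the signed bytes from the submitted fields and file, then checks the signature with the public key of the user's certificate. The payload layout, the names `BuildPayload` and `Verify`, the use of SHA-256 instead of MD5/SHA-1, and the throwaway self-signed certificate standing in for the user's certificate are all assumptions made for this example (C# 8, .NET Core 3.0 or later).

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class SignedRecordDemo
{
    // Hypothetical canonical payload: every field length-prefixed, then the file's SHA-256.
    // The client-side signer has to build exactly the same bytes before signing.
    public static byte[] BuildPayload(string[] fields, byte[] file)
    {
        using var ms = new MemoryStream();
        using var w = new BinaryWriter(ms);
        using var sha = SHA256.Create();
        foreach (string f in fields)
        {
            byte[] b = Encoding.UTF8.GetBytes(f);
            w.Write(b.Length);              // 4-byte little-endian length keeps field boundaries unambiguous
            w.Write(b);
        }
        w.Write(sha.ComputeHash(file));
        return ms.ToArray();
    }

    // Server side: SHA256 + PKCS#1 v1.5 corresponds to Java's "SHA256withRSA";
    // the answer's "SHA1withRSA" would need HashAlgorithmName.SHA1 here instead.
    public static bool Verify(X509Certificate2 clientCert, byte[] payload, byte[] signature)
    {
        using RSA pub = clientCert.GetRSAPublicKey();   // null when the certificate holds a non-RSA key
        return pub != null && pub.VerifyData(payload, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }

    static void Main()
    {
        // Constructed stand-ins: a throwaway key and self-signed certificate replace the
        // user's real certificate, and SignData replaces the client-side signer.
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=Constructed Test User", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
        byte[] file = { 0x25, 0x50, 0x44, 0x46 };       // constructed sample file content
        byte[] sig = key.SignData(BuildPayload(new[] { "order-17", "42.00" }, file), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        Console.WriteLine("submitted record: " + Verify(cert, BuildPayload(new[] { "order-17", "42.00" }, file), sig));
        Console.WriteLine("altered field:    " + Verify(cert, BuildPayload(new[] { "order-17", "43.00" }, file), sig));
    }
}
```

In the web app, the certificate passed to `Verify` would be the client certificate of the SSL request, and the signature and certificate would be stored with the record so the check can be repeated later.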
