带有X509证书的Web签名+;智能卡
已解决 我正在尝试将签名功能添加到我的web应用程序中 必须使用智能卡进行签名。所以,在搜索了很多地方后,我找到了WebCryptoSocket()-WebCryptoSocket模块实现了加密接口,并使用Fortify应用程序实现加密 然后,我可以登录我的应用程序,但它生成的签名不是有效的PKCS签名,它只返回没有公共证书的签名哈希 我的代码基于以下示例: 此外,欢迎对WebCryptoSocket和fortify发表评论 我正在做这样的事情,按照fortify的建议填写提供者和证书:带有X509证书的Web签名+;智能卡,web,x509certificate,smartcard,fortify,Web,X509certificate,Smartcard,Fortify,已解决 我正在尝试将签名功能添加到我的web应用程序中 必须使用智能卡进行签名。所以,在搜索了很多地方后,我找到了WebCryptoSocket()-WebCryptoSocket模块实现了加密接口,并使用Fortify应用程序实现加密 然后,我可以登录我的应用程序,但它生成的签名不是有效的PKCS签名,它只返回没有公共证书的签名哈希 我的代码基于以下示例: 此外,欢迎对WebCryptoSocket和fortify发表评论 我正在做这样的事情,按照fortify的建议填写提供者和证书: fun
function sign() {
var provider;
var cert;
Promise.resolve()
.then(function () {
var providerID = document.getElementById("providers").value;
return ws.getCrypto(providerID)
})
.then(function (crypto) {
provider = crypto;
signDataElement基于我们使用Hancock()中的Fortify()和PKIjs()以及CAdESjs()来创建CMS签名
您可以在这里看到基于PKIjs的JS中的一个基本CMS示例:
您需要向我们提供一个您正在做的示例,我们可以告诉您需要做哪些不同的事情
RyanRyan,谢谢你的回答。我添加了一些用于签名的代码。我正在看你提到的例子,但我无法实现的是在base 64中获得证书。Nacho,看来你根本没有尝试使用上面链接的CMS例子。如果你遇到麻烦,我很乐意帮助你,但我没有时间帮你。Ryan,我已经阅读了示例,如果我没有错,我需要私钥和公钥或PEM证书。我尝试过不同的方法,但我不能:(您不需要私钥,WebCrypto为您抽象了这一点。由于您没有提供任何代码来尝试执行您的请求,而不是简单地为您编写代码,因此我无能为力。在您之前的回答中,您询问了如何获取证书,不清楚您的应用程序流是什么样子,但如果您不需要的话o枚举证书您可以看到以下示例:Ryan,我已经编辑了答案并添加了更多代码。我希望它更清晰
setEngine('subtle', crypto,
new CryptoEngine({ name: 'subtle', crypto: crypto, subtle: crypto.subtle }));
return GetCertificate(provider,
document.getElementById("certificates").value);
})
.then(function (certificate) {
cert = certificate;
return GetCertificateKey("private", provider,
document.getElementById("certificates").value);
})
.then(function (key) {
if (!key) {
throw new Error("Certificate doesn't have private key");
}
var textToSignElement = document.getElementById("textToSign");
var signatureResultElement =
document.getElementById("signatureResult");
signDataElement(textToSignElement, signatureResultElement,
cert, key, provider);
})
}
function signDataElement(textToSignElement, signatureResultElement,
key, cert, provider) {
var message = pvtsutils.Convert.FromBase64(hashElement.value);
var hashAlg = key.algorithm.hash.name;
var sequence = Promise.resolve();
sequence = sequence.then(() => provider.subtle.digest({ name: hashAlg },
new Uint8Array(message)));
var cmsSignedSimpl = null;
var messHex = null;
var certRaw = null;
sequence = sequence.then(function (res) {
messHex = res;
return GetCertificateAsPEM(provider, cert);
});
//region Combine all signed extensions
sequence = sequence.then(result => {
certRaw = result;
var signedAttr = [];
signedAttr.push(new Attribute({
type: "1.2.840.113549.1.9.3",
values: [new ObjectIdentifier({ value: "1.2.840.113549.1.7.1" })]
})); // contentType
signedAttr.push(new Attribute({
type: "1.2.840.113549.1.9.5",
values: [new UTCTime({ valueDate: new Date() })]
})); // signingTime
signedAttr.push(new Attribute({
type: "1.2.840.113549.1.9.4",
values: [new OctetString({ valueHex: messHex})]
})); // messageDigest
return signedAttr;
});
sequence = sequence.then(signedAttr => {
var asn1 = fromBER(PemToDer(certRaw));
var newCert = new Certificate({ schema: asn1.result });
newCert.issuer.typesAndValues.push(new AttributeTypeAndValue({
type: "2.5.4.3", // Common name
value: new BmpString({ value: cert.issuerName })
}));
cmsSignedSimpl = new SignedData({
version: 1,
encapContentInfo: new EncapsulatedContentInfo({
eContentType: "1.2.840.113549.1.7.1" // "data" content type
}),
signerInfos: [new SignerInfo({
version: 1,
sid: new IssuerAndSerialNumber({
issuer: newCert.issuer,
serialNumber: newCert.serialNumber
}),
signedAttrs: new SignedAndUnsignedAttributes({
type: 0,
attributes: signedAttr
})
})],
certificates: [newCert]
});
return cmsSignedSimpl.sign(key, 0, hashAlg, message)
});
sequence = sequence.then(() => {
var cmsSignedSchema = cmsSignedSimpl.toSchema(true);
var cmsContentSimp = new ContentInfo({
contentType: "1.2.840.113549.1.7.2",
content: cmsSignedSchema
});
var _cmsSignedSchema = cmsContentSimp.toSchema();
//region Make length of some elements in "indefinite form"
_cmsSignedSchema.lenBlock.isIndefiniteForm = true;
var block1 = _cmsSignedSchema.valueBlock.value[1];
block1.lenBlock.isIndefiniteForm = true;
var block2 = block1.valueBlock.value[0];
block2.lenBlock.isIndefiniteForm = true;
//endregion
return _cmsSignedSchema.toBER(false);
}, error => Promise.reject(`Erorr during signing of CMS Signed Data: ${error}`));
sequence.then((certificateBuffer) => {
var certSimplString = String.fromCharCode.apply(null,
new Uint8Array(certificateBuffer));
signatureElement.value = formatPEM(window.btoa(certSimplString));
alert("Certificate created successfully!");
})
return sequence;
}
function GetCertificate(provider, certID) {
var certID;
return provider.certStorage.getItem(certID)
.then(function (cert) {
return cert;
});
}
function GetCertificateAsPEM(provider, cert) {
return provider.certStorage.exportCert('PEM', cert);
}