Signing with eID cards (private key is not directly accessible)
diidiiman opened this issue · 6 comments
Hello!
Trying to wrap my head around the functionality of this package.
The scenario I am currently faced with is that the information which must be signed has to be provided to an external service which holds the private keys.
Is there a possibility right now to have the canonicalized information for signing returned, sign it somewhere else, and afterwards take the received signature and finalize the XML assembly?
I would highly appreciate any pointers!
Check out FortifyApp.com; this provides smart card and local certificate and key access via a polyfill for “web crypto”, on which XADESjs is based.
Also check out Hancock.ink as it used these as part of its signing solution.
@rmhrisk I downloaded the fortifyapp for Windows (version 1.0.20). It seems to be outdated and newer tokens aren't present. Will a new release of the fortifyapp be published?
Its last release is about a month old.
It supports many tokens.
If your token is not supported, file a bug with the ATR and the path to the PKCS11 library for it in the appropriate repository.
Is it possible to use the Chrome Token Signing (https://github.com/open-eid/chrome-token-signing/) together with this library? So is it possible for a user to sign an XML document in the browser?
In theory, if you wrapped their proprietary interfaces with a webcrypto polyfill, you could.
Also look at fortifyapp.com; many use this library with that.
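As an added example, not code from this thread or from xadesjs: a `sign()` with the WebCrypto call shape that hashes the to-be-signed bytes locally and hands only the hash to an external signer, so the private key never leaves the card or service. `makeSimulatedToken`, `signDetached`, `makeExternalSubtle` and `verifyDetached` are hypothetical names, and the token is simulated with an in-memory RSA key so the block runs offline in Node.js.

```javascript
const crypto = require("node:crypto");

// DER DigestInfo prefix for SHA-256 (RFC 8017); the token signs prefix || hash.
const SHA256_DIGEST_INFO = Buffer.from("3031300d060960864801650304020105000420", "hex");

// Constructed stand-in for the card or remote service (assumption): it is
// handed a 32-byte hash only and returns an RSASSA-PKCS1-v1_5 signature.
function makeSimulatedToken() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const signHash = (hash) => {
    if (hash.length !== 32) throw new Error("expected a SHA-256 hash");
    return crypto.privateEncrypt(
      { key: privateKey, padding: crypto.constants.RSA_PKCS1_PADDING },
      Buffer.concat([SHA256_DIGEST_INFO, hash])
    );
  };
  return { publicKey, signHash };
}

// Hash the to-be-signed bytes locally; only the hash crosses to the signer.
function signDetached(signHash, data) {
  const hash = crypto.createHash("sha256").update(Buffer.from(data)).digest();
  return { hash, signature: signHash(hash) };
}

// The same operation behind the SubtleCrypto.sign(algorithm, key, data) shape.
// `key` is an opaque handle (hypothetical), never key material.
function makeExternalSubtle(signHash) {
  return {
    async sign(algorithm, key, data) {
      const name = typeof algorithm === "string" ? algorithm : algorithm.name;
      if (name !== "RSASSA-PKCS1-v1_5" || key.algorithm.hash.name !== "SHA-256") {
        throw new Error("unsupported algorithm for this token");
      }
      return signDetached(signHash, data).signature;
    },
  };
}

// Anyone holding the certificate's public key can check the result.
function verifyDetached(publicKey, data, signature) {
  return crypto.verify("sha256", Buffer.from(data), publicKey, signature);
}

// Constructed sample input standing in for canonicalized SignedInfo bytes.
const SAMPLE = '<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">constructed</ds:SignedInfo>';
```

The signature only verifies if the bytes hashed here are exactly the canonicalized bytes the verifier recomputes, so the hash has to be taken after canonicalization, not over the serialized document.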
Hi @diidiiman, I am facing the same scenario. I am successfully getting signatures from eID cards through hwcrypto, but I need to be able to turn them into XADES-T signatures. Any idea on how to do that?
I think I will post a new issue about this.