Using PKI certificate to sign with the browser

2k Views Asked by At

I have a pretty simple use case. The user of my web application should be able to sign outputs on certain workflow steps. The website is secured via mutual ssl, so when a user signs in he is prompted to pass his certificate. This works fine, so I know, that the browser can access the certificates (from the PKI Card via Firefox's crypto-module or the Windows' keystore in Chrome). From that point it should be easy to use a user's certificates from within the browser. But it seems that there is no an obvious way.

What I tried:

google

There are some StackOverflow questions (but all seem to be old):

webcrypto api

This API seems to be great. Also that use case seems to be exact what I need. But the final implementation seems not have that capabilities

pkijs

As webcrpypto api exactly that capability seems not to be implemented

webcrypto key discovery

Is that the missing link? I'm not sure....

Why a new question? As we have 2020 now, the older questions and answers contain a lot of outdated stuff (active-x, java-applets), so I hope that we can get a clear and obvious answer making it possible without any workarounds.

Update: I'm afraid it's still impossible: https://techblog.bozho.net/electronic-signatures-using-the-browser/

0

There are 0 best solutions below