I have a pretty simple use case. The user of my web application should be able to sign outputs on certain workflow steps. The website is secured via mutual ssl, so when a user signs in he is prompted to pass his certificate. This works fine, so I know, that the browser can access the certificates (from the PKI Card via Firefox's crypto-module or the Windows' keystore in Chrome). From that point it should be easy to use a user's certificates from within the browser. But it seems that there is no an obvious way.
What I tried:
There are some StackOverflow questions (but all seem to be old):
- Accessing signing/encryption in a browser's Keystore using JavaScript - sample code? (WebCryptoAPI)
- js signature on chrome with OS keystore
webcrypto api
This API seems to be great. Also that use case seems to be exact what I need. But the final implementation seems not have that capabilities
pkijs
As webcrpypto api exactly that capability seems not to be implemented
webcrypto key discovery
Is that the missing link? I'm not sure....
Why a new question? As we have 2020 now, the older questions and answers contain a lot of outdated stuff (active-x, java-applets), so I hope that we can get a clear and obvious answer making it possible without any workarounds.
Update: I'm afraid it's still impossible: https://techblog.bozho.net/electronic-signatures-using-the-browser/