I would like to be able to sign data on the browser using 100% JavaScript and cryptographic token based keys.
From what I have seen so far, all old implementations of this functionality are being discontinued (e.g. even new ActiveXObject("CAPICOM.Store"); doesn't seem to work in IE11 any more since it throws an error! - I don't know if I am missing something... Perhaps because I run it in the Console window...).
I have looked into the specs of the WebCryptoAPI (that is supposed to be the new supported way):
http://www.w3.org/TR/WebCryptoAPI/#SubtleCrypto-method-sign
...and then at this (which is more clear, organized and helpful):
http://msdn.microsoft.com/en-us/library/ie/dn302332(v=vs.85).aspx
...and I saw that it allows you to create new keys (generateKey), but I am not sure if it supports using keys from tokens. There is an importKey but from the description it seems that is not what I need in order to sign with an existing key that the OS can see.
Does this web-standard aim at allowing that kind of functionality? Can I use it as it is now and achieve my goal?
Can I do anything better at least in Firefox that has a device manager (Options->Certificates->Security Devices)?
Related questions:
Accessing signing/encryption in a browser's Keystore using JavaScript - sample code? (WebCryptoAPI)
js signature on chrome with OS keystore
UPDATE:
I have also found this PDF: http://webpki.org/papers/PKI/x509-webcrypto-extension-scheme.pdf
From what I have seen, there is no window.crypto.subtle.KeyStore in any of the browsers, so I guess this is wild dreams that people have for the distant future...
UPDATE2: This was the reason I couldn't load the ActiveX in IE11: https://stackoverflow.com/a/5157766/2173353
So, at least, there is one old way still working...
No, currently not. Hardware or software tokens of the user are still unavailable. See the comment for Eugene (on the question) for slightly more information.
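
What the WebCrypto calls named in the question do cover, as an added example that is not part of the original question or answer: the signing key is created by the page itself with generateKey, not looked up from an OS store or token. The function name, the choice of ECDSA P-256 and the sample message are assumptions made for illustration.

```javascript
// Added example. Runs in a browser console or in Node.js.
// In browsers globalThis.crypto exists; the require() fallback is only for older Node.
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;

async function signWithPageGeneratedKey(message) {
  // The key pair is generated by this page. Nothing here selects an
  // existing certificate or private key held by the OS or a hardware token.
  const { privateKey, publicKey } = await subtle.generateKey(
    { name: "ECDSA", namedCurve: "P-256" },
    false, // extractable = false: the private key cannot be exported by script
    ["sign", "verify"]
  );

  const alg = { name: "ECDSA", hash: "SHA-256" };
  const data = new TextEncoder().encode(message);
  const signature = await subtle.sign(alg, privateKey, data);

  // Verification succeeds for the signed bytes and fails for altered bytes.
  const verified = await subtle.verify(alg, publicKey, signature, data);
  const tampered = new TextEncoder().encode(message + "!");
  const tamperedVerified = await subtle.verify(alg, publicKey, signature, tampered);

  // Exporting a non-extractable private key is rejected by the API.
  let privateExportRejected = false;
  try {
    await subtle.exportKey("pkcs8", privateKey);
  } catch (e) {
    privateExportRejected = true;
  }

  return {
    signatureLength: signature.byteLength, // raw r||s, 64 bytes for P-256
    verified,
    tamperedVerified,
    privateExtractable: privateKey.extractable,
    privateExportRejected,
    // The question notes there is no window.crypto.subtle.KeyStore; check it here.
    hasKeyStore: "KeyStore" in subtle,
  };
}

// Constructed sample input.
signWithPageGeneratedKey("constructed sample document").then(console.log);
```

The signature produced this way proves possession of a key that exists only for this page's origin; it is not tied to a certificate on the user's token.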