Digi-Sign, The Certificate Corporation
Published on Digi-Sign, The Certificate Corporation (https://www.digi-sign.com)

By Digi-Sign
Created Sep 19 2008 - 13:39

Developers Guide

Information for Developers using Digi-Seal™

As described, the Web Forms Signer Applet is a Java-based client-side component that runs inside a Web browser and digitally signs Web forms and electronic files with a private key and public key certificate stored in a PKCS#12-compliant keystore file.

With standard HTML and JavaScript alone, we cannot sign client files in a Web browser. This is a limitation of web technology that has no standardised solution supported by all web browsers. JavaScript has no functionality for working with digital signatures and certificates, and it can access neither the user certificates installed in a web browser nor external storage for keys and certificates.

There are some solutions:

  • One possible solution for signing documents on the user's machine is for every user to install specialized software. This could work well, but there are some problems:
    • There is a problem with maintaining keystores for different types of certificates - PFX files, smart cards, etc. Access to such repositories differs between operating systems. Any change in the software requires all users to download and install the correct version. If there are many users, this may prove a serious problem.

    • The signing software must have separate versions for the different operating systems that users could run. This is not always an easy task, especially if a large number of different platforms must be supported.

    • There is also a problem with supporting storage for different types of certificates - PFX files, smart cards, etc. Access to such repositories differs between operating systems.

    • Integrating such software with a web-based system is not an easy task, especially if various web browsers must be supported. If the external signing software is not well integrated with the Web system, using it would be inconvenient for the user.

  • The computed digital signature of the form is a PKCS#7 SignedData object encoded as a Base64 string, which is inserted into one of the Web form's custom fields and posted to the Web server along with the entire form. The name of the custom field storing the computed PKCS#7 SignedData object should be configurable as an external applet parameter.
  • To digitally sign the Web form, the applet uses the private keys and public key certificates from a PKCS#12-compliant file.
  • The applet supports signing of 3 types of Web forms:
    • Web forms with one or more data fields: text fields, drop downs, radio buttons, check boxes, text areas, etc.

    • Web forms with one or more electronic files for uploading

    • Web forms with mixed content (data fields and electronic files)

  • Use of ActiveX controls in Internet Explorer. ActiveX controls are Windows components based on COM technology that implement some functionality, have their own graphical user interface, and may be built into web pages and then run inside them [MSDN ActiveX].
  • With them, it is not a problem to access the certificate repository of Windows and Internet Explorer (the so-called Windows Certificate Store), for instance using the standard Windows library CryptoAPI or the CAPICOM component.
    ActiveX controls can solve the technical problem, but they are not platform independent: they support only the Windows platform.

    In a Windows environment with Microsoft Internet Explorer, the CAPICOM ActiveX control can be installed. It is a COM wrapper around Microsoft CryptoAPI that exposes an object model and provides access to the cryptographic functionality of Windows.
    Once installed, CAPICOM can be used from VBScript to sign text data such as web forms, but there are some problems.

    The most serious of them is that the technology works only with the Windows-based Web browser Microsoft Internet Explorer. Under other operating systems and Web browsers CAPICOM is not available. An additional requirement is the need to install the CAPICOM ActiveX control on the client machine, which may create difficulties.
    Another problem is that in order to sign a file, it must be read, and VBScript does not allow access to the file system.

  • Use of the crypto.signText() method in Netscape and Mozilla.
  • The new versions of the Mozilla and Netscape Web browsers have built-in functions for signing text. They support the JavaScript function crypto.signText(text, certificateSelectionMode), which digitally signs a string. The advantage of this technology is that it does not require installing any additional software.

    The main problem with this technology is that it works only with the Mozilla and Netscape web browsers (on all platforms where they are available - Linux, Windows, Solaris, etc.). It is not supported by Internet Explorer.

    The other problem is that in order to sign a file, it must be read, and this cannot be done with JavaScript. For that reason, these technologies can sign only web forms or parts of them, but not files.

  • Java applet
  • Java applets are extensions of standard Web technologies and have the advantage that they can work in all popular web browsers and on all operating systems.

    Java applets are the only technology that can solve, in a platform-independent way, the problem of digitally signing documents in a user's web browser.
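
The list above says the applet posts the signature as a Base64-encoded PKCS#7 SignedData object in a custom form field. The following server-side structural pre-check for that field is an added example, not Digi-Seal™ code: it assumes definite-length DER encoding, and the size cap, function names and sample bytes are constructed for illustration. It confirms only that the field holds a single SignedData envelope; verifying the signature itself is left to a CMS library.

```python
import base64
OID_SIGNED_DATA = "1.2.840.113549.1.7.2"  # PKCS#7 signedData content type
MAX_DER_BYTES = 64 * 1024                 # assumed cap on a posted signature

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the definite-length element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                    # long form: low bits = length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("indefinite or oversized length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    subs, value = [], 0
    for b in body:                        # base-128, high bit = "more follows"
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(value)
            value = 0
    if not subs or body[-1] & 0x80:
        raise ValueError("malformed OID")
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def precheck_signature_field(field_value):
    """Return the decoded bytes if the field is a SignedData envelope."""
    der = base64.b64decode("".join(field_value.split()), validate=True)
    if len(der) > MAX_DER_BYTES:
        raise ValueError("signature field too large")
    tag, content_info, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE (ContentInfo)")
    tag, oid, pos = read_tlv(content_info, 0)
    if tag != 0x06 or decode_oid(oid) != OID_SIGNED_DATA:
        raise ValueError("contentType is not signedData")
    tag, wrapped, pos = read_tlv(content_info, pos)
    if tag != 0xA0 or pos != len(content_info) or read_tlv(wrapped, 0)[0] != 0x30:
        raise ValueError("missing [0] EXPLICIT SignedData SEQUENCE")
    return der  # structure only: signature verification is a CMS library's job

# Constructed sample: a ContentInfo wrapping a stub SignedData (version only).
SAMPLE_FIELD = base64.b64encode(
    bytes.fromhex("301206092a864886f70d010702a0053003020101")).decode()
```

Malformed Base64, trailing bytes, indefinite lengths and any content type other than signedData all raise `ValueError`, so the handler can reject the form before any cryptographic processing.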

To read more and gain a comprehensive understanding of the Digi-Seal™ application, including how to use and configure it, download the Digi-Seal™ Manual [1].


Source URL: https://www.digi-sign.com/digi-seal/developers%20guide

Links:
[1] https://www.digi-sign.com/downloads/download.php?id=digi-seal-pdf