So I'm stuck with this problem:
IE Edge no longer allow applets, activeX, etc. ,
and I have this applet that is used for digital signature,
the idea is to extract the private key from the KEY file in the client side, in that way the private key never leaves the client's computer, that is a requirement for security, it can't be avoid :(
I'm looking for APIs or frameworks, but I can't found a way to solve this,
with jsrsasign the examples uses a PEM file but my users have .CER + .KEY + password, in java I can do it, but I need to do it in javascript or in something on the client side.
and, reading the Web Cryptography API and some examples I found, they generate NEW private and public keys to sign BUT they never READ an existing CERTIFICATE
does anybody have this problem or know a framework I could use?
please heeeelp!
So the answer was to use JSRSASIGN (http://kjur.github.io/jsrsasign/) in the examples posted in github it uses PEM files, I build an example to use CER+ KEY + PASSWORD >> https://github.com/alfredomova/firmaJs-with-jsrsasign-example,
for that specific example i used sparkMD5(https://github.com/satazor/SparkMD5) to calculate the file's hash.
Modern browsers no more supports ActiveX, applets. WebCrypto API generates and uses keys dynamically but does not have capability to access Certificates from Certificate Store.
The accepted answer provided by Alfredo M, who has also asked question, points to JavaScript to handle cryptography in browser which does not talk about accessing local Certificate Store. Recently Certificates are not being generated/issued as pfx (or PEM) files but on Cryptographic device like USB Token or smart card.
Thus we need to use Browser Extensions for modern browsers where application running behind the Browser can access Certificate Store and sign the hash. One such browser extension is provided free by my Company. You just need couple of lines of JavaScript code to call methods provided by any Browser Extension to achieve Digital Signing from modern Browser. If you just want to sign files or eReturns, you don't need any server side component. If you want to sign pdf, you may need pdf component on server side.
You don't necessarily need to force your web app to work in Edge since it no longer support the legacy technologies that your web app is using.
"Use Enterprise Mode with Microsoft Edge to open Internet Explorer 11
for your business’s sites that require IE’s proprietary technologies."
Include your site on the Enterprise Mode Site List so it will open in IE11 automatically:
Once Edge detects that your web app is using propietary technologies, it will tell you to open your site in IE11.
The steps and the details can be found in this blog post by the Microsoft Edge team and check the user experience section of the blog so you'll get the idea of the UX it will bring to your users once implemented:
http://blogs.windows.com/msedgedev/2015/08/26/how-microsoft-edge-and-internet-explorer-11-on-windows-10-work-better-together-in-the-enterprise/
Related
I have a website and I need to know which device is used by my users.
Is there a way to know which device is used by a user on a website?
I know some website like webkay.robinlinus can demonstrate all a browser knows about a user.
The best will be to have the device (iPhone/Android) and the type of iPhone (8/XR,etc..) would be perfect.
Thank you for your advices
Is there a way to know which device is used by a user on a website?
No, there is not - this is by-design and is to protect the privacy of web users.
What you can do is use long-life'd cookies or use localStorage to track users on your own sites (origins) - though you'll need to ensure you comply with relevant privacy laws in your jurisdiction.
For web-applications accessed from a desktop browser, you can ask your users to manually download and install software that would run a broker-process or other helper utility that runs a webserver on localhost which your web-application could communicate with to identify the client - but be very careful as this may introduce security and privacy risks and vulnerabilities. This approach is used by Dell to allow their website to read your computer's Service-Tag through the web-browser, and by some of Microsoft's support websites as well. But I stress the importance of exercising extreme caution when implementing this because you don't want other websites or applications using your client-side program.
var x = "User-agent header sent: " + navigator.userAgent;
Send navigator.userAgent in the head tag
This saves the device and browser of the user
For More Reference Check W3schools
https://www.w3schools.com/jsref/prop_nav_useragent.asp
I would like to access a special hardware (a penta scanner, for the wisest ;) ) from a web page.
The aim is to retrieve the information from the scanner and compute it on server side.
The problem here, is that I have to summon functions from a DLL that has to be on the client side. I have two leads for that:
Develop a COM DLL and use ActiveX
Try to get through a homemade extension for a web browser in order to communicate with the local DLLs.
I've tried the first option, and I got stuck and I've posted another thread about it. Anyway, even if it works, there are too many constraints about it (as to use IE or the fact that even Microsoft is not fond of this feature and banned it from edge).
The second method is something that I found on another forum but, I do not understand how I can interact with a browser extension (whatever the browser).
So what I am asking is:
Is it possible to use a web browser extension as a medium to a local DLL and if so, would you be so kind as to give a hint about how to do ar anything that might look like a start about how to do it (even just some key words to use on google, since mine didn't get anything)....
Thanks.
Based on my understanding, the motive to develop an Extensions is to enhance the feature and functionality for particular web browser.
You cannot control any hardware devices like printer or scanner with it.
So if your goal is to control the scanner from your web page with the help of any kind of extension than I think you cannot do this with Extension.
So, till Windows 7 there was a Microsoft ActiveX component: CAPICOM, which one could call from Javascript and then show the contents of the certificate storage on the client's machine. The client then could choose the appropriate certificate and sign some document with the certificate's private key.
That's how the access to the certificate storage looked in Javascript:
var MyStore = new ActiveXObject("CAPICOM.Store");
var oCertificates = new ActiveXObject("CAPICOM.Certificates");
// attempt to open the personal certificate store
MyStore.Open(CAPICOM_CURRENT_USER_STORE, "My", CAPICOM_STORE_OPEN_READ_ONLY);
What’s the alternative to using CAPICOM nowadays? I want the client to be able to sign some piece of text with his private key in the browser and then send the signed text with the public key to the server. Is it still possible?
Maybe I could use Java or Silverlight instead of pure JavaScript? What about PKI.js and similar?
In general, currently is not possible due to lack of support of browsers to Java or silverlight.
Chrome has dropped support to NPAPI plugins. Firefox has announced it will discontinue it in 2017, Edge has no support. Microsoft has deprecated Silverlight and Oracle has also announced the deprecation of the Java browser plug-in. Only old versions of IE could be used.
Javascript cryptographic libraries such as PKI.js, forge or the built-in WebCryptographyApi can be used to perform digital signatures, but they do not have access to the Operative System KeyStore, so you can not access to the installed certificates
Alternatives (Not very encouraging):
Use WebCryptographyApi loading certificates in browser (not for smartcards)
Launch a local application installed on your device and invoke via protocol, using an embedded http server or with chrome messaging api
Wait patiently to Key Discovery Api which will provide with access to the OS keystore to WebCrypto
In fact I've created a .NET ActiveX object and used X509Certificate2UI class and others from the same namespace to show information about the certificates and to sign some data.
Pros: no need to use CAPICOM.
Cons: it's still an ActiveX component and so it's available in Internet Explorer only.
But that was ok for my client so I took this path.
I am creating a Cross browser Platform Web Application (HTML, JS, CSS), However I require a strong database storage that I can query on the client using JS. Web SQL/SQLite seems to be the best way to go BUT there is no support for it in IE. Does anyone know of any other querable client storage out there. or a working implementation of embedding SQLite "like" functions into the browser.
Thanks
The Web Storage API is available in all major browsers including mobile and desktop. I haven't used it before, but from my research I can tell that it doesn't use SQL queries. It seems to be the best option, even so I would recommend still using a fallback for browser that won't support the API (for example anything before IE8).
Hope this works out for you!
I am wondering if there is a way we can achieve this. I heard different things about Silverlight 4, JavaScript or ActiveX control, but I have not seen any demo of code for any of them.
Is there a web component that is available or how can I write one?
We really like to capture a client's USB drive via the Web and read/write data on it. This has to work for any operating system in any web browser.
What about WPF in browser mode? I read that I can host my WPF applications inside browser and sort of like smart client.
Here is a great example of doing this via Silverlight 4, but the author mentions about possibility of accessing USB on Mac via:
Enable executing AppleScript scripts.
This option will let us have the same amount of control on a Mac machine as we do on a Windows machine.
Add an overload to ComAutomationFactory.CreateObject() that calls the “Tell Application” command under the scenes and gets a AppleScript object.
This option would work extremely well for Microsoft Office automation. For any other operating system feature, you’ll have to code the OS access twice.
I did not quite understand it. Has any tried this?
Web browsers are deliberately isolated from the filesystem for security reasons. Only Java (not "Java Script"), Flash or browser plug-ins can accomplish this.
JavaScript cannot directly access your local disk (including a flash drive) for security reasons (would you really want any web site you look at to access, change, or even delete your files?), and ActiveX controls are IE-specific, so you should probably use a Java applet (not JavaScript). While Java's security policy normally does not allow access to local disks, signed applets can with the user's permission.
If you're willing to introduce a dependency on Flash (10), you can use the FileReference class to get access to one file at a time, first for reading using the browse method, then for writing using the save method.
Note that for security reasons, each call to these methods must be triggered as a result of user input (e.g. clicking a button), and each time they are called an OS-specific File Open/Save As dialog box is displayed.
There's a video tutorial which gives some sample code for editing a text file (load + save) directly in Flash, without needing any server-side help. It should be enough to get you started in the right direction.
What about WPF in browser mode...I read that I can host my wpf apps inside browser and sort of like smart client.