Disclosure: I work in CISPL.
Currently, the WebCrypto API does not provide access to (Windows) or any other key stores or a local USB / Smartcard encryption device.
In addition, in most signature scenarios, to require the protection of a PDF file within the boundaries of the server, it is not recommended to send the full PDF file to a browser or to the signature API server.
Thus, it is recommended to create a PDF hash for signature, send the hash to the browser and use javascript through the browser extension to access any application running on the local system, to access the local keystore (or USB / Smartcard), and to create signing and sending back (PKCS7 Container or CMS in case of signing a PDF) to the server, where the signature can be embedded back into the PDF from which the hash for signing was created and sent to the browser or to the api signature server.
For browser-based signature scripts, my company provides one such free extension for the Signer.Digital browser and the .NET library required on the server. The local system (the host running the Chrome browser on Windows) can be downloaded from the cNET download site. When you install this host and restart Chrome, the Signer.Digital Chrome extension will automatically be added
The actual work of this extension is shown here along with a full review of the code and a link to download the VS 2015 project source code to a working sample.
Javascript to call a method from the extension:
//Calculate Sign for the Hash by Calling function from Extension SignerDigital SignerDigital.signPdfHash(hash, $("#CertThumbPrint").val(), "SHA-256") //or "SHA256" .then( function (signDataResp) { //Send signDataResp to Server }, function (errmsg) { //Send errmsg to server or display the result in browser. } );
If successful, returns a Base64 encoded pkcs7 signature - use the appropriate library or the library provided by Signer.Digital to insert the signature in pdf
If an error occurs, an error message is returned starting with "SDHost Error:"
Digital signature from browser
