Sign data using a private key on the client side (javascript)

Question

Sign data using a private key on the client side (javascript)

I know this looks weird, but I need to sign some data on the client side using only javascript and not an ajax backdoor on the server side of openssl. Can someone suggest some client-side solution for signing data using a private key? Is it possible?

Thanks.

+4

javascript cryptography openssl digital-signature private-key

Anatoliy Mar 21 '11 at 17:49

source share

3 answers

I followed the same road as you, you are probably better off implementing something like oAuth.

The problem with what you offer is that there is no absolutely reliable way to store the private key on the client machine, and now it is safe to get the public key on a server other than HTTPS (and if you use HTTPS, what is this point?)

If you really want to continue, there are some implementation options: http://shop-js.sourceforge.net/crypto2.htm

And you probably want something terribly annoying like PersistJS (http://pablotron.org/?cid=1557) to try to keep the private key as long as possible.

+3

Mark kahn Mar 21 '11 at 18:00

source share

W3C web cryptography API can help. May I use it , it means that modern browsers now support it.

For additional digital signature support, see GlobalSign / PKI.js

PKIjs is a pure JavaScript library that implements the formats used in PKI applications (signing, encryption, certificate requests, OCSP, and TSP request / response). It is built on WebCrypto (Web Cryptography API) and does not require plugins. http://pkijs.org

+1

Kevin hakanson Jun 03 '15 at 15:09

source share

Anatoliy · Accepted Answer · 2011-03-23T07:17:32+0000

Found a great signature tool . It implements RSA-SHA1 (works great) and RSA-SHA256 (works weird) and allows you to generate a signature using the private key and verify the signature using the certificate.

Sign data using a private key on the client side (javascript)

More articles: