Something else is needed, such as Flash. Writing digital signature code in pure JavaScript would not be a big problem (although it would require a lot of work and it would work very slowly), access to the certificate stored on the local system is not possible using pure JavaScript. One option would probably be to create an existing object (for example, a CAPICOM module), but (a) it is probably limited to IE and Windows, and (b) CAPICOM itself is deprecated by Microsoft.
If your problem is that such objects should be written, then our Secureblackbox product in version 9 (which is now in open beta) components and client modules (Java applet, ActiveX and Flash applet) to perform such distributed signing .
If you just want to avoid using any external modules, then I'm afraid you are out of luck. I would also like for us to have something in pure JavaScript (this would simplify and improve our product), but the problem is accessing the certificate on the client.