NakovDocumentSigner :: SmartCardSignerApplet – Demo
This demo is intended to illustrate how SmartCardSignerApplet signs files with a smart card in the client’s Web browser. The user is given below a file upload browser control, two text fields for the results of the signing process and a Java applet for signing the selected file. When the user select some file and click on the [Sign selected file] button from the applet, the applet shows a dialog for locating his PKCS#11 implementation library (.dll file in Windows or .so file in Linux) and the PIN code for accessing the smart card. After selecting the PKCS#11 library and the PIN code, the applet signs selected file and shows the results of the signing in the text fields in the client’s browser. The first text field is used for storing the user’s certificate and its certification chain. The second is used for storing the calculated signature of the signed file.
Requirements for Running the Demo
To run the demo, you need:
- Java Plug-In 1.5 or later, installed in your Web browser.
- Smart card reader, smart card and PKCS#11 drivers for it.
- You should accept to trust the SmartCardSignerApplet to run with full permissions.
If the button [Sign selected file] is missing, this means that the applet is not correctly loaded (in most cases Java is not installed in your browser).
The SmartCardSignerApplet Demo
Some Technical Details
The applet is signed, because it should be able to access your local file system. To run the demo, you should accept the applet to run with full permissions.
To sign files with the given applet, you should have a smart card reader with a smart card in it and PKCS#11 implementation library for the smart card. The smart card should contain a certificate with its corresponding private key and optionally the certification chain for the certificate. The PIN code for accessing the smart card is also required.
The result of the signing process are two string values stored in two text fields in the client’s Web browser. The first value is the certification chain starting with the user’s certificate. This certificate with its chain is extracted from the smart card and is represented as ASN.1 DER sequence of certificates, encoded in Base64. The calculated signature is also Base64 encoded.
The applet is intended to sign files before uploading them. Appropriate functionality for receiving signed files, decoding certificates and signatures,verifying certificates, certification chains and digital signatures will be needed at the server-side.