HTML5 and Digital Signatures: Signature Creation Service

Generate digital signatures without browser extensions.

SCS SPEC SCS for Desktop SCS for Android SCS Tester SCS Authentication SCS authentication with remote card-reader

Introduction

The Signature Creation Service (SCS) specifies a method to generate digital signatures in HTML5 applications [HTML5] that are executed in User Agents, i.e., web browsers. The specification utilizes the Cross-Origin Resource Sharing (CORS) specification [CORS] that enables an HTML5 application downloaded from Site A to communicate with a service located in Site B using Javascript's XMLHttpRequest mechanisms [XHR], for instance. The communication protocol uses HTTP protocol and the information elements are transferred using JSON format [JSON].

The HTML5 application makes a signature request by sending the data that needs to be signed to the SCS. Upon receiving the request, the SCS displays a certificate selection dialog to the end user, who will select the certificate that will be used to generate the digital signature. If required, the end user enters the PIN code for accessing the private key to generate the signature. Once the signature is created, the SCS sends the signature along with the certificate chain and other needed information to the HTML5 application. Upon receiving the digital signature, the HTML5 application uses it according to its specifications.

Development resources

SCS module for javascript

SCS module encapsulates an automatic discovery to the SCS ports and offers an easy to use sign function that uses the SCS.

Latest version of the SCS module: scs.js.

Example usage:

function sign() {

   // build the request object as specified, an example:
   var request = {
     version: "1.0",
     selector: {
       issuers: [
         "<issuer DN of an accepted CA>",
         "<issuer DN of another accepted CA>"
       ],
       keyusages: [
         "digitalsignature",
         "nonrepudiation"
       ]
     },
     content: "<to be signed data, base64 encoded>",
     contentType: "data",
     hashAlgorithm: "SHA256",
     signatureType: "signature"
   }  

   // and do the signing, call handleResponse function with the response
   SCS.sign(handleResponse,request);

}

// callback function for SCS
function handleResponse(response) {
  // the response is the response returned from SCS.
  if (response.status=="ok") {
    // signature was generated
  } else {
    // signature was not generated for some reason
  }
}