I have an intranet web application where I need to sign PDF documents which live on the server side. The signer has to be the end user who is currently issuing the sign command from a given web page, and his digital signature/certificate is located in his Smart Card.
From what I have gathered, when a user plugs his smart card into the reader, the information is populated to the Windows Key Store. Am I right? So what I need to do is to somehow read that information off the Windows Certificate Store from Internet Explorer. I know JavaScript doesn't reach that information. I also know that Java can do it, but if I can avoid using a Java applet, I would.
Any ideas?
It's not possible to do so.
If you want to sign a document, the browser would have to send a certificate containing the private key to the server. If you could access the Windows Certificate Store through the browser, that would be a critical security issue, since an attacker could read all the certificates' private keys.
Another thing I’d suggest based on the basic idea you’re describing
Build a secure authentication system where the users can sign into the intranet app using forms or Windows authentication.
Hold a certificate for each user on the server side. If the user then uploads the PDF, sign it using the user's certificate and offer it for download.
Please think of having a local app
If the user has a smart card locally, why not have a local application sign the PDF? See, you've got all you need and want locally. Why push it to the server side?
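As an added example (not code from the question or from either answer), this is what the "local application" approach looks like on Windows in PowerShell: it enumerates the certificates the smart card has mapped into the user's personal store, obtains a handle to the card-backed private key, and signs the PDF's bytes with it. The RSA operation is performed by the card's CSP/KSP, so the private key never leaves the card and nothing secret is sent to the intranet server. The PDF path and subject filter are placeholder assumptions, and the result is a detached PKCS#1 signature written next to the file; embedding a proper PAdES/CMS signature inside the PDF requires a PDF library on top of this step.

```powershell
# Added example, not from the original post. Assumptions: placeholder paths and
# subject filter; a detached signature is produced, not a PDF-embedded PAdES one.
$PdfPath       = 'C:\path\to\document.pdf'   # placeholder
$SubjectFilter = '*'                         # placeholder, e.g. '*Doe*'

# Certificates propagated from a plugged-in smart card show up in the user's
# personal store. HasPrivateKey means Windows holds a key handle, not the key bytes.
$candidates = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.HasPrivateKey -and ($_.Subject -like $SubjectFilter) }

if (-not $candidates) {
    throw 'No certificate with a usable private key found in Cert:\CurrentUser\My.'
}

$cert = $candidates | Select-Object -First 1
Write-Host "Signing with: $($cert.Subject) (thumbprint $($cert.Thumbprint))"

$data = [System.IO.File]::ReadAllBytes($PdfPath)

# GetRSAPrivateKey returns an RSA object bound to the CSP/KSP key container;
# for a smart card key, the provider prompts for the PIN and signs on the card.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw 'The selected certificate does not carry an RSA private key handle.' }

$signature = $rsa.SignData(
    $data,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)

# Verify locally with the public key before handing anything to the server,
# so a bad card state or wrong certificate is caught on the client.
$pub = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
$ok  = $pub.VerifyData(
    $data,
    $signature,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
if (-not $ok) { throw 'Local verification of the freshly produced signature failed.' }

# What leaves the machine: the PDF, the detached signature, and the public
# certificate (DER, no private key). The intranet app can verify these itself.
[System.IO.File]::WriteAllBytes("$PdfPath.sig", $signature)
[System.IO.File]::WriteAllBytes("$PdfPath.signer.cer",
    $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert))

Write-Host "Wrote $PdfPath.sig and $PdfPath.signer.cer"
```

The server side then only needs the public certificate to check the signature and to record who signed; it never holds user private keys, which is exactly the exposure the first answer warns about. If the document must carry a signature that PDF readers display, replace the last step with a PAdES-capable PDF library that takes the same `$rsa` handle as its signer.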