Best way to sign data in web form with user certificate_问答_开发者

We have a C# web app where users will connect using a digital certificate stored in their browsers.

From the examples that we have seen, verifying their identity will be easy once we enable SSL, as we can access the fields in the certificate, using Request.ClientCertificate, to check the user's name.

We have also been requested, however, to sign the data sent by the user (a few simple fields and a binary file) so that we can prove, without doubt, which user entered each record in our database.

Our first thought was creating a small text signature including the fields (and, if possible, the md5 of the file) and encrypt it with the private key of the certificate, but...

As far as I kn开发者_JAVA百科ow we can't access the private key of the certificate to sign the data, and I don't know if there is any way to sign the fields in the browser, or we have no other option than using a Java applet. And if it's the latter, how we would do it (Is there any open source applet we can use? Would it be better if we create one ourselves?)

Of course, it would be better if there was any way to "sign" the fields received in the server, using the data that we can access from the user's certificate. But if not, any info on the best way to solve the problem would be appreciated.

I suggest you to use java-applet. This approach is unified for all browsers. We use it in our projects. To sign the user-data you will need to use JCA API (http://download.oracle.com/javase/1.4.2/docs/guide/security/CryptoSpec.html#Signature). Also you will need to solve problem with accessing windows certificate store from java.

You can solve it in this way:

KeyStore keystore = KeyStore.getInstance("Windows-MY", "SunMSCAPI");

keystore.load(null, null);

HashMap<String,String> userPublicKeys = new HashMap<String,String>();

Enumeration<String> aliasesEnum = keystore.aliases();

if (!aliasesEnum.hasMoreElements())
    throw new Exception("No certificate!");

// list through windows personal store
while (aliasesEnum.hasMoreElements()) 
{
   String alias = aliasesEnum.nextElement();

   boolean isKey = keystore.isKeyEntry(alias);

   if (isKey)
   {
       BASE64Encoder encoder = new BASE64Encoder();
       encoder.encode(keystore.getCertificate(alias).getEncoded());

       userPublicKeys.put(alias, encoder.encode(keystore.getCertificate(alias).getEncoded()));
       System.out.println("Entry alias: " + alias); 
   }

   // sign
   PrivateKey privateKey = (PrivateKey) keystore.getKey(alias,null);           

   Provider provider = keystore.getProvider();
   // data to signed
   byte[] data ="test data".getBytes();
   // Signing the data
   Signature sig = Signature.getInstance("SHA1withRSA", provider);
   sig.initSign(privateKey);

   sig.update(data);
   byte[] signature = sig.sign();

   System.out.println(ByteArrayToFromHexDigits.bytesToHexString(signature).toUpperCase());
}

You will need to ask your legal department if this is a strong enough "signing" but with every posting of the fields have the server record the field values and the fingerprint of the cert from the handshake of the client certificate. Yes this is "forgeable" as anyone with knowledge of the fingerprint could create a fake record in the database, but with proper database security you can remove that vector of attack and have a record of who posted what (as you can not fake the fingerprint of the client certificate in a two way authentication of SSL)

we can't access the private key of the certificate to sign the data,

If this was not true, then the server could remember the certificate itself and use it to appear to be the real client when using other services.

I.e. would completely invalidate the use of client certificates to authenticate the client.

and I don't know if there is any way to sign the fields in the browser,

How about asking this question with suitable client side tags (e.g. JavaScript, Browser) to get the right audience. (I'm sure it could be done with the browser extension or ActiveX object—but that creates its own problems.)

There is a JavaScript method crypto.signText that allows to sign arbitrary text with client cerificate. Here are some docs and a signed form example. It seems, currently only Firefox supports it.

For IE there is CAPICOM ActiveX object (available as a download from MS). Here is an example of its usage.

I'm not sure about support for these features in different browser and OS versions, you'll probably have to check it for your configuration.