0

im 100% new to digital signature, as far as i understand, a document is signed by an user private key, and that signature is checked using the public key. my problem is that i have a web application, and a file server... Files are created on an earlier stage. then an user that is using the application checks the files and signs them using his key.

those files are stored on a file server and they need to be strip from some of the content in order to do the signature (according to the implementation manual of the file, an HL7 CDA file). so, i need some direction to understand how to do this, should i retrieve the file, then alter it and sign it from the browser, or should i send the private key to the server and make all things there?

or any other option, mks.

EricGS
  • 1,323
  • 2
  • 17
  • 42
  • Your question is not clear. Do you need to know how to strip the content, how to sign the file (depends on the type of file), etc? – Peter Ritchie Sep 23 '14 at 18:15
  • sorry, i need to know what will be the best approach to sign the document, i dont know if is wrong to send the private key to the server to sign the file on the server or if i should send the file to the client and sign it there, then send it back or any other approach, i need some pointers to do a more in deep reaserch, tks – EricGS Sep 23 '14 at 18:22
  • 1
    Sending private keys to the server would be against security. If the file really needs to be altered, there is no other choice that sending it back to the client to resign it. – Wiktor Zychla Sep 23 '14 at 18:24
  • 1
    Not to mention that if the private key is on a smart card for example, it cannot be "sent to the server". – Wiktor Zychla Sep 23 '14 at 18:25
  • ha ok, that is was i need to know, the true is that the signature process described on the implementation says that i need to remove some metadata an other signatures content, sign the result document, then place the result of the signature in the non striped doument – EricGS Sep 23 '14 at 18:30
  • You need to use Browser Extension for Modern Browsers. The flow diagram in this SO answer https://stackoverflow.com/a/55676351/9659885 might be helpful – Bharat Vasant Mar 16 '20 at 10:44

1 Answers1

0

There are three options possible:

  1. Transfer the file to the client. Have some client-side module that performs signing. The difficulty is that the files can be huge.
  2. Transfer the key to the server. Sign the data on the server. This can be a problem if the private key is non-exportable (stored in hardware or just flagged as non-exportable in Windows CryptoAPI).
  3. Use the distributeed solution which will calculate the hash on the server, transfer it to the client, calculate the signature on the client and send it back to the server. The example of such solution can be found in this SO answer.
Community
  • 1
  • 1
Eugene Mayevski 'Callback
  • 45,135
  • 8
  • 71
  • 121