4

I would like to ask if it is still impossible, using JavaScript, to get a key from a USB token or from a certificate stored in the browser. I have read many articles which said WebCryptoApi doesn't allow that.

Is there any option to get a key from a token? Maybe something has changed?

macieg_b
  • 165
  • 3
  • 15
  • Refer to complete documentation of free Signer.Digital Browser Extension for browser signing, encryption/decryption or Certificate Download in this [SO Answer](https://stackoverflow.com/a/63173083/9659885) – Bharat Vasant Aug 02 '22 at 10:29

2 Answers

4

It is not possible for now. The WebCryptoApi does not support using keys stored in external keystores like smartcards, Mozilla keystore or Windows KeyStore (used by Chrome and Explorer), and reading the comments of the last conferences, it is not a current priority.

There is another W3C JavaScript API specification to be used with the Web Cryptography API. See WebCrypto Key Discovery:

> This note describes a JavaScript API for discovering named, origin-specific pre-provisioned cryptographic keys for use with the Web Cryptography API.

Unfortunately, it is still a working group under development.

pedrofb
  • 37,271
  • 5
  • 94
  • 142
  • I read about WebCrypto Key Discovery but it's not ready to use. Maybe there is another way to achieve the goal? – macieg_b Jul 27 '16 at 09:13
  • There is not even a release candidate. I'm afraid there is not enough interest – pedrofb Jul 27 '16 at 09:28
  • ... and without it JS based encryption in the browser is dead in the water. – Maarten Bodewes Oct 07 '16 at 00:01
  • I have used some web apps from accountant companies and government revenue services and they all use the token certificate to authenticate and sign documents. How do they do this without WebCrypto Key Discovery? – Allan Veloso Feb 26 '19 at 00:38
  • 2
    @AllanVeloso, it is possible to authenticate in the browser with a USB token using two-way SSL authentication. The browser prompts the user for the certificate if the SSL connection requires it. To sign documents, the most common solution is to install local software on the computer and use it from JavaScript through an HTTP or WebSocket connection – pedrofb Feb 26 '19 at 06:53
1

I think that with the Chrome Native Messaging implementations it's possible. Native messaging is implemented in Firefox and Edge too. Check this: https://github.com/open-eid/chrome-token-signing

Viktor Varga
  • 649
  • 5
  • 3
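
The native-messaging route suggested in the answers above, seen from the native host's side, as an added example (not code from chrome-token-signing or from any poster): it parses the length-prefixed JSON frames the browser sends and decides whether a sign request may reach the token, so the page only ever submits a hash and never sees the key. The message fields `type`, `hashAlg` and `hashHex`, the extension ID and the size limit are assumptions made for this example.

```javascript
// Added example: host-side framing and request checks for browser Native Messaging.
// Field names, the extension ID and the size policy below are hypothetical.
const LITTLE_ENDIAN = new Uint8Array(new Uint32Array([1]).buffer)[0] === 1;
const MAX_REQUEST_BYTES = 64 * 1024; // policy chosen for this example
// Chrome passes the caller's origin as the host's first argument; placeholder ID.
const ALLOWED_ORIGINS = new Set(["chrome-extension://aaaabbbbccccddddeeeeffffgggghhhh/"]);
// A Map avoids prototype keys such as "constructor" passing as an algorithm name.
const HASH_BYTES = new Map([["SHA-256", 32], ["SHA-384", 48], ["SHA-512", 64]]);

// Frame = 32-bit length in native byte order, then UTF-8 encoded JSON.
function encodeFrame(obj) {
  const body = new TextEncoder().encode(JSON.stringify(obj));
  const frame = new Uint8Array(4 + body.length);
  new DataView(frame.buffer).setUint32(0, body.length, LITTLE_ENDIAN);
  frame.set(body, 4);
  return frame;
}

// Returns { message, rest }, or null when the frame is not complete yet.
function decodeFrame(bytes) {
  if (bytes.length < 4) return null;
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const len = view.getUint32(0, LITTLE_ENDIAN);
  if (len > MAX_REQUEST_BYTES) throw new Error("frame too large");
  if (bytes.length < 4 + len) return null;
  const text = new TextDecoder("utf-8", { fatal: true }).decode(bytes.subarray(4, 4 + len));
  return { message: JSON.parse(text), rest: bytes.subarray(4 + len) };
}

// Only a well-formed digest from an allowed caller is passed on to the token.
function checkSignRequest(callerOrigin, msg) {
  if (!ALLOWED_ORIGINS.has(callerOrigin)) return { ok: false, error: "origin_not_allowed" };
  if (msg === null || typeof msg !== "object" || msg.type !== "SIGN") {
    return { ok: false, error: "bad_type" };
  }
  const want = HASH_BYTES.get(msg.hashAlg);
  if (want === undefined) return { ok: false, error: "bad_hash_alg" };
  if (typeof msg.hashHex !== "string" || !/^[0-9a-f]+$/i.test(msg.hashHex) ||
      msg.hashHex.length !== want * 2) {
    return { ok: false, error: "bad_hash" };
  }
  return { ok: true };
}
```

The origin check duplicates the `allowed_origins` list in the host manifest on purpose, so a misconfigured manifest does not by itself expose the token.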