I would like to be able to sign data on the browser using 100% JavaScript and cryptographic token based keys.
From what I have seen so far, all old implementations of this functionality are being discontinued (e.g. even new ActiveXObject("CAPICOM.Store"); doesn't seem to work in IE11 any more since it throws an error! - I don't know if I am missing something... Perhaps because I run it in the Console window...).
I have looked into the specs of the WebCryptoAPI (that is supposed to be the be the new supported way):
http://www.w3.org/TR/WebCryptoAPI/#SubtleCrypto-method-sign
...and then at this (which is more clear, organized and helpful):
http://msdn.microsoft.com/en-us/library/ie/dn302332(v=vs.85).aspx
...and I saw that it allows you to create new keys (generateKey), but I am not sure if it supports using keys from tokens. There is an importKey but from the description it seems that is not what I need in order to sign with an existing key that the OS can see.
Does this web-standard aim at allowing that kind of functionality? Can I use it as it is now and achieve my goal?
Can I do anything better at least in Firefox that has a device manager (Options->Certifivates->Security Devices)?
Related questions:
Accessing signing/encryption in a browser's Keystore using JavaScript - sample code? (WebCryptoAPI)
js signature on chrome with OS keystore
UPDATE:
I have also found this PDF: http://webpki.org/papers/PKI/x509-webcrypto-extension-scheme.pdf
From what I have seen, there is no window.crypto.subtle.KeyStore in any of the browsers, so I guess this is wild dreams that people have for the distant future...
UPDATE2: This was the reason I couldn't load the ActiveX in IE11: https://stackoverflow.com/a/5157766/2173353
So, at least, there is one old way still working...
