0

SO people can sign a message using Thunderbird, how about allowing a person to sign a message through a contact us form? how would one go about making that a realization.

Max
  • 4,152
  • 4
  • 36
  • 52

1 Answers1

1

This is very complicated task which would involve client-side module (ActiveX or Java applet). The reason is that no JavaScript solution is reliable for the reasons described here.

In brief - the module would take JavaScript data to be signed, show this data to the customer and ask him to choose the certificate to be used for signing. Then the data would be signed and signed content would be submitted to the server by the module (not by the browser).

We implemented such scheme in our SecureBlackbox library which you can check if you need to implement such distributed signing. See description of distributed cryptography module here.

Eugene Mayevski 'Callback
  • 45,135
  • 8
  • 71
  • 121
  • My first thought was, that perhaps I put a button on the page, the person loads their certificate, browser uses the certificate to sign the message that was supposed to be sent and send it the web service. Cant this be done? apart from Java script not being capable, I cant see any reason why wouldn't this be a good idea? – Max Oct 11 '11 at 18:32
  • @Max Browser itself doesn't sign anything, so you can use either Javascript (but it doesn't have access to certificates anyway and even if it had, you probably have read the article) or external plugin. Maybe in future, if signing functionality is built into browsers, you will be able to do this, but not now). – Eugene Mayevski 'Callback Oct 11 '11 at 19:01