在客户端使用私钥对数据进行签名 (javascript)
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5381528/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Sign data using private key on client-side (javascript)
提问by Anatoliy
I know, it looks strange, but I need to sign some data on client-side using javascript only, no ajax backdoor to server-side openssl available. Could someone suggest some client-side solution to sign data using private key? Is it possible?
我知道,这看起来很奇怪,但我只需要使用 javascript 在客户端签署一些数据,没有可用的服务器端 openssl 的 ajax 后门。有人可以建议一些客户端解决方案来使用私钥对数据进行签名吗?是否可以?
Thanks.
谢谢。
采纳答案by Anatoliy
Found great signing tool. It implements RSA-SHA1 (works perfectly) and RSA-SHA256 (works strange), and allow both to generate signature using private key and to verify signature using certificate.
找到了很棒的签名工具。它实现了 RSA-SHA1(工作完美)和 RSA-SHA256(工作奇怪),并允许使用私钥生成签名并使用证书验证签名。
回答by Mark Kahn
I've gone down the same road as you, you're probably better off implementing something like oAuth.
我和你走上了同样的道路,你可能最好实施像 oAuth 这样的东西。
The problem with what you're proposing is that there's absolutely no reliable way of storing the private key on the client machine, nor of now securely getting the public key back to the server other than HTTPS (and if you're using HTTPS, what's the point of this?)
您提议的问题在于,绝对没有可靠的方法将私钥存储在客户端计算机上,现在也没有将公钥安全地返回到除 HTTPS 之外的服务器的方法(如果您使用的是 HTTPS,什么是这是重点?)
If you really want to continue, there are some implementations out there: http://shop-js.sourceforge.net/crypto2.htm
如果你真的想继续,那里有一些实现:http: //shop-js.sourceforge.net/crypto2.htm
And you probably want something horribly annoying like PersistJS (http://pablotron.org/?cid=1557) to try and save the private key as long as possible.
而且您可能想要像 PersistJS (http://pablotron.org/?cid=1557) 这样令人讨厌的东西来尝试尽可能长时间地保存私钥。
回答by Kevin Hakanson
The W3C Web Cryptography APImay be able to help. Can I useindicates modern browsers now support it.
W3C Web Cryptography API可能会有所帮助。 Can I use表示现代浏览器现在支持它。
For additional digital signature support, look at GlobalSign/PKI.js
如需额外的数字签名支持,请查看GlobalSign/PKI.js
PKIjs is a pure JavaScript library implementing the formats that are used in PKI applications (signing, encryption, certificate requests, OCSP and TSP requests/responses). It is built on WebCrypto (Web Cryptography API) and requires no plug-ins. http://pkijs.org
PKIjs 是一个纯 JavaScript 库,用于实现 PKI 应用程序中使用的格式(签名、加密、证书请求、OCSP 和 TSP 请求/响应)。它建立在 WebCrypto(Web Cryptography API)之上,不需要插件。 http://pkijs.org
回答by RT Denver
Web Crypto appears to be the answer. Here is a tutorial(not mine). As for the comment, if you are using https, why do you need signing - these are needed for two different purposes. In infosec lingo, the former gives confidentialityand the latter non-repudiation.
Web Crypto 似乎是答案。这是一个教程(不是我的)。至于评论,如果您使用的是 https,为什么需要签名 - 这些是用于两个不同的目的。在信息安全术语中,前者提供机密性,后者提供不可否认性。
