I need to sign data stored on the server using the key stored on the client's computer. How do I do this?

There are several methods:

  1. Transfer the certificate and private key to the server. This option significantly undermines the security of the private key and should be avoided (we mention it here for completeness and awareness).
  2. Transfer the document to the client. This is not always possible, for security and other reasons. If such a transfer is possible, signing can be done by a client-side module (an application, a browser plug-in, a Java applet or an ActiveX control), which you need to create. JavaScript won't be enough here. The client-side module must also include the functionality to do digital signing, which is not always possible.
  3. Calculate the hash of the data on the server and send it to the client. This method is similar to method 2 above, except that only the hash of the document is sent to the client, not the document itself. It requires server-side code that can embed or otherwise merge the signature with the original document.
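
The exchange in method 3, as an added Go example that is not SecureBlackbox code or part of the original page: the server hashes the document, the client signs only the digest, and the server verifies against its own copy before merging the signature. RSA PKCS#1 v1.5 with SHA-256, the function names and the throwaway key are assumptions chosen for the illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ServerHash runs on the server: only this 32-byte digest is sent out.
func ServerHash(document []byte) []byte {
	d := sha256.Sum256(document)
	return d[:]
}

// ClientSign runs on the client: the private key stays here. The client
// sees only the digest, so it relies on the server for what is being signed.
func ClientSign(key *rsa.PrivateKey, digest []byte) ([]byte, error) {
	if len(digest) != sha256.Size {
		return nil, errors.New("digest is not a SHA-256 value")
	}
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest)
}

// ServerVerify re-hashes the server's own copy before the signature is merged.
func ServerVerify(pub *rsa.PublicKey, document, sig []byte) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, ServerHash(document), sig) == nil
}

// RoundTrip plays both sides with a throwaway key (constructed for the demo).
func RoundTrip(document []byte) (okOriginal, okTampered bool, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	sig, err := ClientSign(key, ServerHash(document))
	if err != nil {
		return false, false, err
	}
	tampered := append(append([]byte{}, document...), '!')
	return ServerVerify(&key.PublicKey, document, sig),
		ServerVerify(&key.PublicKey, tampered, sig), nil
}

func main() {
	fmt.Println(RoundTrip([]byte("constructed sample document")))
}
```

The signature returned by the client is bound to the exact bytes the server hashed, so the server must merge it with that same copy of the document.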

SecureBlackbox offers the Distributed Cryptography Add-on for those components that support signing of data (CMS / CAdES, PDF / PAdES, XMLDSig / XAdES standards and Office document signing). Those components can calculate a hash, send it to the client for signing, and then incorporate the signature into the document. The Distributed Cryptography Add-on also includes pre-built client-side browser modules (Java applet, Flash applet and ActiveX control) which can sign the hash.

The Distributed Cryptography Add-on can be purchased with selected packages (PKIBlackbox, PDFBlackbox, XMLBlackbox, OfficeBlackbox, SecureBlackbox Data Security and SecureBlackbox Professional).
