How do I sign data stored on the server using a key stored on the client computer?

There are several methods:

  • Transfer the certificate and the private key to the server. This option significantly undermines the security of the private key and should be avoided (we mention it here for completeness and your awareness).
  • Transfer the document to the client. This is not always possible for security and other reasons. If such a transfer is possible, signing can be done using a client-side module (an application, browser plug-in, Java applet, or ActiveX control), which you need to create. JavaScript will not be enough here. The client-side module must also include functionality to do digital signing, which is not always possible.
  • Calculate the hash of the data on the server and send it to the client. This is similar to the second method above, except that only the hash of the document is sent to the client, not the document itself. This method requires server-side code that can embed or merge the signature with the original document.
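
The third method, shown as an added example that is not SecureBlackbox code: the server sends only a SHA-256 digest, the client signs it with a key that never leaves the client, and the server verifies the returned signature against its own copy of the document before merging it. It assumes a raw RSA PKCS#1 v1.5 signature and a throwaway key generated in-process; the function names are hypothetical, and packaging the signature into CMS, PDF or XML is left out.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// ServerHash runs on the server. Only this digest is sent to the client.
func ServerHash(doc []byte) []byte {
	d := sha256.Sum256(doc)
	return d[:]
}

// ClientSign runs on the client. It signs the received digest directly,
// so the private key stays on the client and the document stays on the server.
func ClientSign(key *rsa.PrivateKey, digest []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest)
}

// ServerAccept runs on the server. It re-hashes the stored document and
// checks the returned signature against the client's known public key
// before the signature is embedded or merged.
func ServerAccept(pub *rsa.PublicKey, doc, sig []byte) error {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, ServerHash(doc), sig)
}

// RoundTrip runs the exchange once and reports whether the signature is
// accepted for the signed document and for a different document.
func RoundTrip(doc, other []byte) (bool, bool, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // constructed demo key
	if err != nil {
		return false, false, err
	}
	sig, err := ClientSign(key, ServerHash(doc))
	if err != nil {
		return false, false, err
	}
	pub := &key.PublicKey
	return ServerAccept(pub, doc, sig) == nil, ServerAccept(pub, other, sig) == nil, nil
}

func main() {
	doc := []byte("constructed sample document, revision 1")
	ok, bad, err := RoundTrip(doc, []byte("constructed sample document, revision 2"))
	fmt.Println("original accepted:", ok, "modified accepted:", bad, "error:", err)
}
```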

SecureBlackbox offers the Distributed Cryptography Add-on for those components that support the signing of data (the CMS / CAdES, PDF / PAdES, XMLDSig / XAdES standards and Office document signing). Those components can calculate a hash, send it to the client for signing, and then incorporate the signature into the document. The Distributed Cryptography Add-on also includes prebuilt, client-side browser modules (the Java applet, Flash applet, and ActiveX control) that can sign the hash.

The Distributed Cryptography Add-on can be purchased with selected packages (PKIBlackbox, PDFBlackbox, XMLBlackbox, OfficeBlackbox, SecureBlackbox Data Security, and SecureBlackbox Professional).
