Signing over web (X509)


I am developing an ASP.NET application. This application generates hash codes which I need the user to sign with his private key from an X509 certificate stored on a smart card or USB token.
I have seen sites on the net and have read articles about authentication with a client certificate. My situation is a bit different. Basically the workflow would be like this:
1. User comes to a page, fills in some fields and presses "next"
2. Server (ASP.NET application) makes some calculations and shows user the resulting hash on a next page
3. When the user presses the "sign" button near the hash code, the browser pops up a window for selecting a certificate, asks for the password to access the certificate's private data (for signing), signs the hash and sends the signed hash back to the server

In particular, for everything past the user pressing the "sign" button, I have no idea how to achieve the result. So the questions are:
1. Is it possible to do this at all?
2. Is it possible to do this without any browser addons/plugins/activex?
3. Any thoughts, links, articles, technology names?

Paranormastic (Cryptographic Engineer) commented:
This should be possible, but would require ActiveX or Java since you would need to access the user's certificate store - keeping in mind that Java maintains its own certificate store. The smartcard should be less of an issue - you just need to contact the OS cryptographic API and that will talk to the smartcard vendor's middleware which will talk to the card. Look into MS-CAPI (CryptoAPI) for 2000/XP/2003, and CAPI2 for Vista/2008. Also look into CAPICOM for some calls you can make from VB or C#.

ActiveX plugins are probably the easiest, but Java can be used for a zero-footprint method. Here's a proof of concept for the Java method from Vasco (an industry leader in their tiny niche):

Here is another product that might be more relevant to what you want to do:

Might try searching for 'e-signatures' (but not or 'digital signatures website customer', etc. and go from there. Look for advertisements - these will probably be your more relevant hits in this area as there will be a lot of articles saying it's a good idea to use digital signatures without telling you how to go about it.
Question has a verified solution.
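
Whichever client component produces the signature, the server in step 3 of the workflow has to verify it against the hash it issued itself and validate the signer's certificate. The following is an added example, not code from the thread or from any product mentioned in it; it assumes the client posts back a base64 detached PKCS#7/CMS signature over the UTF-16LE bytes of the hash string (the way CAPICOM's SignedData handles its Content), and the class and method names are hypothetical:

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Pkcs;   // System.Security assembly
using System.Security.Cryptography.X509Certificates;
using System.Text;

public static class SignedHashVerifier   // hypothetical helper name
{
    // issuedHash: the hash the server stored for this session in step 2
    //             (never a copy echoed back by the browser).
    // base64Signature: detached PKCS#7/CMS signature posted back in step 3.
    // Returns the signer's certificate; throws if any check fails.
    public static X509Certificate2 Verify(string issuedHash, string base64Signature)
    {
        // Assumption: the client signed the UTF-16LE bytes of the string.
        // Use the matching encoding if the client component differs.
        byte[] content = Encoding.Unicode.GetBytes(issuedHash);

        var cms = new SignedCms(new ContentInfo(content), true);   // true = detached
        cms.Decode(Convert.FromBase64String(base64Signature));

        if (cms.SignerInfos.Count != 1)
            throw new CryptographicException("Expected exactly one signer.");

        // Cryptographic check only; the chain is validated explicitly below.
        cms.CheckSignature(true);

        X509Certificate2 signer = cms.SignerInfos[0].Certificate;
        if (signer == null)
            throw new CryptographicException("Signer certificate not included.");

        // Build the chain to a trusted root and check revocation online.
        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
        if (!chain.Build(signer))
            throw new CryptographicException("Signer certificate is not trusted.");

        // The caller still has to map this certificate to the logged-in user.
        return signer;
    }
}
```

Verifying against the server-side copy of the hash, rather than a value sent back with the signature, is what ties the signature to the data the user was actually shown.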
