Signing a document with PKCS#11 instead of 12. Please help.

Hi,
I have the following setup:

OS: FreeBSD
Apache 2.2
PHP 5.3
MySQL 5.5

Nowadays I just sign PDF files with PKCS#12 at server side.

In my PHP webpage when I need to sign some PDF I developed a JAVA JAR application with iText.

So I just call this Java app from PHP using the exec function. This Java app will receive a PDF file as input, so it will sign with the PKCS#12 and create a signed output file.


<?php

// Call the signer JAR: first argument is the input PDF, second is the signed output PDF.
exec("java -jar /path_to_java_app/MySigner.jar 'INPUT_FILE.pdf' 'OUTPUT_SIGNED_FILE.pdf'");

?>


But now I need to sign using PKCS#11 - token usb at the client side.

How can I do this? Any sample code would be appreciated.

br.
jazzIIIlove Asked:
Julian Hansen Commented:
But now I need to sign using PKCS#11 - token usb at the client side.

If I understand you correctly you want to access the USB drive on the client computer from PHP?

If so not possible in the ordinary sense. PHP has no jurisdiction on the client - has no direct knowledge of its existence.

You would need a client side solution to fetch and deliver - which if worked over the web would open a security can of worms - or am I misunderstanding the situation?
jazzIIIlove Author Commented:
Yes,

You understand the issue correctly. Can you elaborate on the client side solution?
Any sample code?
Julian Hansen Commented:
A bit of a speed bump this one. Traditionally browsers have a sandbox environment that prevents access to the local machine (for obvious security reasons) - can't have a web page messing with your stuff.

More info here
http://en.wikipedia.org/wiki/JavaScript#Security

There might be some info here (http://www.html5rocks.com/en/tutorials/file/dndfiles/) but I doubt it will help with your setup.

The only other option is an installed plugin / applet that can do what you want and act as intermediary between browser and hardware.

Bottom line though - for security reasons this sort of activity is made extremely difficult.
jazzIIIlove Author Commented:
What about via Java web service? Possible?
jazzIIIlove Author Commented:
Possible?
CEHJ Commented:
Java could do it on the client side but in order to run without security problems, you would need to sign the code with a proper cert
Julian Hansen Commented:
What about via Java web service? Possible?
No - Web Service implies code runs on the server.

The key thing here is security. You are talking about digitally signing documents - this has to be a process the user has complete control over. If it was possible to do this with scripting in a web page the signature would be worth nothing.

So even if it was possible to do it via scripting the solution would be worthless.

You need a client side application - as I said before applet or plugin - or a standalone application that allows you to do this.

If it were me I would write a non-web application using C# or C++ that connects to the PHP service and does the document signing that way - this might not work for you given a browser is involved as you most probably want seamless integration between the web application and the signing. So you are left with the plugin / applet option (signed as CEHJ said)
CEHJ Commented:
Applet or Java Web Start app. That way, you don't have to worry about distribution of your app - it gets served up from the Web
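
The client-side application the answers above describe, as an added example that is not part of the original thread or anyone's posted code: a small Java 9+ program run on the user's machine that opens the PKCS#11 token through the JDK's SunPKCS11 provider, asks the user for the PIN, and writes a detached signature over the file. The class name, the config file contents and the RSA key type are assumptions; embedding the signature into the PDF would remain the job of the iText code, using the token-backed key in place of the PKCS#12 one.

```java
import java.io.Console;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;

// Usage: java ClientTokenSigner <pkcs11.cfg> <input.pdf> <output.sig>
// pkcs11.cfg (hypothetical values) has two lines: "name = UserToken" and
// "library = /path/to/vendor-pkcs11-library" (the driver shipped with the token).
public class ClientTokenSigner {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) throw new IllegalArgumentException("need: cfg input output");
        // Bind the JDK's built-in SunPKCS11 provider to the token's vendor library.
        Provider p11 = Security.getProvider("SunPKCS11").configure(args[0]);
        Security.addProvider(p11);
        Console console = System.console();
        if (console == null) throw new IllegalStateException("run from a terminal to enter the PIN");
        char[] pin = console.readPassword("Token PIN: "); // the user unlocks the token explicitly
        try {
            KeyStore ks = KeyStore.getInstance("PKCS11", p11);
            ks.load(null, pin);
            String alias = null;
            for (String a : Collections.list(ks.aliases())) {
                if (ks.isKeyEntry(a)) { alias = a; break; } // first entry holding a private key
            }
            if (alias == null) throw new IllegalStateException("no private key on token");
            // Only a handle is returned: the key material never leaves the token.
            PrivateKey key = (PrivateKey) ks.getKey(alias, null);
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            byte[] data = Files.readAllBytes(Paths.get(args[1]));
            Signature signer = Signature.getInstance("SHA256withRSA", p11); // assumes an RSA key
            signer.initSign(key);
            signer.update(data);
            byte[] sig = signer.sign();
            // Verify against the token's certificate before sending anything to the server.
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(cert.getPublicKey());
            verifier.update(data);
            if (!verifier.verify(sig)) throw new IllegalStateException("signature did not verify");
            Files.write(Paths.get(args[2]), sig);
            System.out.println("Signed by: " + cert.getSubjectX500Principal());
        } finally {
            if (pin != null) Arrays.fill(pin, '\0'); // do not leave the PIN in memory
        }
    }
}
```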