Java Applet for Signing with a Smart Card
The Subsystem for Signature and Certificate Verification
In the previous part of this series of articles, you saw how to receive signed files and verify both their signature and the certificate used in the signing process. When a smart card is used for signing instead of a PFX file, no changes are needed on the server side. This is why I am not going to discuss it again, but will only remind you that it is constructed as a J2EE Web application that accepts the sent file, the calculated digital signature, and the user certificate, and verifies them. The certificate verification is done in two ways: directly or through verification of its certification chain (if it is available).
The NakovDocumentSigner System
The new and improved version of the NakovDocumentSigner, used for digitally signing documents in a Web environment and verification of digital signatures and certificates, consists of the following components:
- DigitalSignerApplet: A Java applet for signing documents in the user's Web browser using a certificate located in a PKCS#12 keystore (PFX file).
- SmartCardSignerApplet: A Java applet for the signing of documents in the user's Web browser with a smart card.
- DocumentSigningDemoWebApp: A Java and Struts-based Web application for receiving signed documents and verifying their digital signature and certificate. The application includes a subsystem for digital signature verification, a subsystem for direct verification of the certificate, and a subsystem for verification of the certification chain.
Figure 4: Architecture of the system for signing documents in Web environment
On the client side, a standard Web browser runs the Java applets for signing documents (DigitalSignerApplet and SmartCardSignerApplet).
On the server side a Java-based Web application is operating. It accepts the signed documents and checks their digital signature and the certificate used to sign them.
Download the NakovDocumentSigner System
The NakovDocumentSigner system, together with all its components, is distributed absolutely free and can be downloaded and used for any purpose without limitation, including as a part of commercial applications. The latest version of NakovDocumentSigner can be downloaded here.
In this article, you learned how to implement a Java applet that signs files in the client's Web browser with a smart card and sends them to the Web server for further processing. In the whole series of articles, starting with Digital Document Signing in Java-Based Web Applications, you learned how to implement a Java-based framework for signing documents in a Web environment with a PKCS#12 keystore file or with a smart card and how to verify the signatures, certificates, and certificate chains at the server side.
This technology can be easily extended in several ways:
- This technology could be further extended to support the XMLDSIG standard, signing Web forms and sending them to the server along with their signatures as signed XML.
About the Authors
Svetlin Nakov is a technical director of the National Academy for Software Development, where he trains software specialists for practical work in the IT industry. He has many years of professional experience as a software developer, consultant, and trainer. His interests include the Java technologies, the .NET platform, and information security. Svetlin is an author of several books and lots of scientific and technical publications in the area of software development.
Nikolay Nedyalkov is a president of the Association for Information Security (ISECA) and works to apply the world's best practices to assure information security at a national level and when conducting business online. Nikolay is a professional software developer, consultant and lecturer with serious experience.