-
-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Get certificate signature #107
Comments
You need to use ASN.1 parser. You can use PKIjs module for it |
Ho do I work with PKCS#11 hardware tokens from PKIjs? I cannot find it among the examples. |
PKIjs supports Crypto Engines. You can create your own engine which will implement GOST algorithms. You can use this code for example. It implements unsupported WebCrypto algorithms like RC2 an DES. |
Thanks, I know that - Yury Strozhevsky has told me about writing that engine... but writing an engine is a comples task, I'd rather assemble ASN.1 structure of CMS and save it as a DER .sig file, all I need for it is a certificate from a token, a message digest and then sign the CMS. I try this way, "cert" is imported, but the last line fails, why?
|
I think the problem is in data type. Try |
It worked, thanks! Now I stepped little further :) But I need a universal solution that would work with other HSMs as well. |
It would be nice to implement GOST algorithms in WebCrypto API. It'd allow to use GOST for CMS, XMLDSig, XAdES, JOSE creation |
Well, from what I've found, there are few javascript implementations: |
To implement GOST we need:
|
Well, lots of work, but... hell it's useful! |
Strange things happen...
It faild with this error:
|
Try to debug yourself. The valueHex has ArrayBuffer type, not string with hex representation. |
Thank you Yury, sorry, I was mislead by that "Hex" affix. |
Sorry guys for bothering you again. I need to set this in ASN.1:
I add it this way:
But it is not added... |
This worked:
But it gives this instead:
Is this the same? |
https://tools.ietf.org/html/rfc5652
Try digestAlgorithms: [
new AlgorithmIdentifier({algorithmId: "1.2.643.7.1.1.2.2"}),
], |
Thanks again! I added like this to get that "NULL" parameter as well:
|
Strange thing is that using your library I get this format: https://www.screencast.com/t/qbfriw8pQTl
But when I create a signature using Kontur Signature service which uses Crypto PRO provider and another token, which is accepted by our government portal Gosuslugi, it's structure is different: https://www.screencast.com/t/FhczQl2P |
@LumaRay Please call me on Skype:microshine82 |
Thank you Stepan! That was a really fruitful help!! |
Hello.
How can I get a signature value from a certificate stored on a PKCS#11 hardware token like Rutoken ECP 2.0 using this Graphene library?
The text was updated successfully, but these errors were encountered: