Saturday, June 26. 2010
Signature Applet - Using Browser Store
Comments
Display comments as
(Linear | Threaded)
Hi Ricky, am Subhash from Bangalore,India, was looking for applet on Linux system, can you please share the applet.
Thnx,
Subhash
i.subhash@gmail.com
Thnx,
Subhash
i.subhash@gmail.com
Subhash, the code of the applet is in the previous entry. It's not the complete project but the main files. http://blogs.nologin.es/rickyepoderi/index.php?/archives/12-Signature-Applet.html
Hi Ricky, I'm from Brazil.
I'm trying to run an applet in both IE and FF browsers to communicate with a web service, using a Token, that requires authentication, On IE the application works fine, but on FF I received a Exception Bad_Certificate...the handshake...
IE...
...
** ServerHelloDone
**
found key for : MSCryptoRSAPrivateKey [HCRYPTPROV=3204256, HCRYPTKEY=3260336, key length=1024bits]
chain [0] = [
[
Version: V3
Subject: CN=XXXXXXX, OU=Autenticado por Certisign Certificadora Digital, OU=RFB e-CNPJ A3, OU=Secretaria da Receita Federal do Brasil - RFB, O=ICP-Brasil, L=XXXXXX, ST=XX, C=BR
Signature Algorithm: SHA1withRSA, OID = 1.2.820.114567.1.1.5
...
Fifefox...
...
** ServerHelloDone
** Certificate chain
**
** ClientKeyExchange, RSA PreMasterSecret, TLSv1
thread applet-faturamento.applet.NfseApplet-1, WRITE: TLSv1 Handshake, length = 141
SESSION KEYGEN:
...
may you help me about this?
sorry by the bad english...^^
I'm trying to run an applet in both IE and FF browsers to communicate with a web service, using a Token, that requires authentication, On IE the application works fine, but on FF I received a Exception Bad_Certificate...the handshake...
IE...
...
** ServerHelloDone
**
found key for : MSCryptoRSAPrivateKey [HCRYPTPROV=3204256, HCRYPTKEY=3260336, key length=1024bits]
chain [0] = [
[
Version: V3
Subject: CN=XXXXXXX, OU=Autenticado por Certisign Certificadora Digital, OU=RFB e-CNPJ A3, OU=Secretaria da Receita Federal do Brasil - RFB, O=ICP-Brasil, L=XXXXXX, ST=XX, C=BR
Signature Algorithm: SHA1withRSA, OID = 1.2.820.114567.1.1.5
...
Fifefox...
...
** ServerHelloDone
** Certificate chain
**
** ClientKeyExchange, RSA PreMasterSecret, TLSv1
thread applet-faturamento.applet.NfseApplet-1, WRITE: TLSv1 Handshake, length = 141
SESSION KEYGEN:
...
may you help me about this?
sorry by the bad english...^^
Hi Ricky,
I`m using asp.net and i need authenticate user choosing digital certificate using Java Applet.
Is it possible to do it using your Java Applet?
sorry bad english ...^^
I`m using asp.net and i need authenticate user choosing digital certificate using Java Applet.
Is it possible to do it using your Java Applet?
sorry bad english ...^^
Hi Bruno,
In order to authenticate a user using a certificate you need to read another of my entries (http://blogs.nologin.es/rickyepoderi/index.php?/archives/47-Certificate-Security-in-JavaEE-Custom-Solution.html). That entry explains how to login into a JavaEE server via certificate using a custom solution, in .NET I suppose you'll have to set up client certificate to the IIS and find a way to recover the client certificate. You can use the ideas of the entry but not the code (the code is Java).
In my opinion you don't need a Java plugin to authenticate users, this plugin is to sign/encrypt in the client side, never for login. Nevertheless if you find this applet useful for anything, of course you can download and use it.
Thanks for reading Bruno.
In order to authenticate a user using a certificate you need to read another of my entries (http://blogs.nologin.es/rickyepoderi/index.php?/archives/47-Certificate-Security-in-JavaEE-Custom-Solution.html). That entry explains how to login into a JavaEE server via certificate using a custom solution, in .NET I suppose you'll have to set up client certificate to the IIS and find a way to recover the client certificate. You can use the ideas of the entry but not the code (the code is Java).
In my opinion you don't need a Java plugin to authenticate users, this plugin is to sign/encrypt in the client side, never for login. Nevertheless if you find this applet useful for anything, of course you can download and use it.
Thanks for reading Bruno.
Thanks for the answer Ricky!
Please, look the link above:
https://cav.receita.fazenda.gov.br/eCAC/publico/login.aspx
This link has a button "Cerfiticado Digital@", and when I click, open dialog window to choose my local machine certificate.
My scenario is equals than. I need to do it and I think using java applet is the best way to do it.
Now, my problem is: I don't know nothing about Java and Java Applet. I'm a .Net developer (sorry..rsrsrs). I downloaded Eclipse and Jdk 7, but I'm lost.
Thanks again your help rick!!
Please, look the link above:
https://cav.receita.fazenda.gov.br/eCAC/publico/login.aspx
This link has a button "Cerfiticado Digital@", and when I click, open dialog window to choose my local machine certificate.
My scenario is equals than. I need to do it and I think using java applet is the best way to do it.
Now, my problem is: I don't know nothing about Java and Java Applet. I'm a .Net developer (sorry..rsrsrs). I downloaded Eclipse and Jdk 7, but I'm lost.
Thanks again your help rick!!
No Bruno, a login is never done using a Java applet. The web server is configured to request user certificate, the browser (previously the user has installed one or more client certificates in it) shows a dialog to select which certificate to present and that's all. The browser is the one that does all the stuff, don't reinvent the wheel.
As I said you better check the series I wrote about this issue (they are for Java but you need to use more or less the same ideas):
http://blogs.nologin.es/rickyepoderi/index.php?/archives/46-Certificate-Security-in-JavaEE-Demo-Setup.html
http://blogs.nologin.es/rickyepoderi/index.php?/archives/47-Certificate-Security-in-JavaEE-Custom-Solution.html
In summary:
-> Configure IIS (or whatever server you use) to request client certificates.
-> Find a way to get the client certificate in .NET.
-> Use some info in the cert to map the user against you user repository (DDBB, LDAP,...).
Please, trust me. Forget about applets for logins.
As I said you better check the series I wrote about this issue (they are for Java but you need to use more or less the same ideas):
http://blogs.nologin.es/rickyepoderi/index.php?/archives/46-Certificate-Security-in-JavaEE-Demo-Setup.html
http://blogs.nologin.es/rickyepoderi/index.php?/archives/47-Certificate-Security-in-JavaEE-Custom-Solution.html
In summary:
-> Configure IIS (or whatever server you use) to request client certificates.
-> Find a way to get the client certificate in .NET.
-> Use some info in the cert to map the user against you user repository (DDBB, LDAP,...).
Please, trust me. Forget about applets for logins.
Thanks Ricky,
You are the guy!
This is the way.. I can see it now!
Thanks again!!!
You are the guy!
This is the way.. I can see it now!
Thanks again!!!
Hello!
I saw you demonstration and are great. Is possible to get source code ? I would like to try with sing pdf.
Br,
Yeanez
I saw you demonstration and are great. Is possible to get source code ? I would like to try with sing pdf.
Br,
Yeanez
Hi Yeanez,
The code is in the previous entry (the link is at the beginning of this one), there are some java files with the applet implementation. I think that a later entry added a PKCS11 signer (in order to use a PKCS11 device) with the corresponding java file too.
Regards!
The code is in the previous entry (the link is at the beginning of this one), there are some java files with the applet implementation. I think that a later entry added a PKCS11 signer (in order to use a PKCS11 device) with the corresponding java file too.
Regards!
Hi,
I`m using java applet and i need authenticate user choosing digital certificate from usb token.
I use your code and don't
know how to determine nssLibraryDirectory.
I download nss-3.17.3 package but I give one error that nss3.dll not exists ???
Please explain me what to do.
Thanks in advance.
Regards.
I`m using java applet and i need authenticate user choosing digital certificate from usb token.
I use your code and don't
know how to determine nssLibraryDirectory.
I download nss-3.17.3 package but I give one error that nss3.dll not exists ???
Please explain me what to do.
Thanks in advance.
Regards.
Hi,
If you want to authenticate a user you don't need an applet. In order to authenticate a user using certificates you have to configure your web or app server to request the client certificate and deal with it. Please see my answers to Bruno above.
If you need to encrypt or sign something via a web browser then you can use an applet similar to this one. The nssLibraryDirectory is where NSS libraries are and I suppose that in windows they are packed with the firefox bundle. Search the nss3.dll inside the firefox install directory.
ciao!
If you want to authenticate a user you don't need an applet. In order to authenticate a user using certificates you have to configure your web or app server to request the client certificate and deal with it. Please see my answers to Bruno above.
If you need to encrypt or sign something via a web browser then you can use an applet similar to this one. The nssLibraryDirectory is where NSS libraries are and I suppose that in windows they are packed with the firefox bundle. Search the nss3.dll inside the firefox install directory.
ciao!
Hi ricky,
I'm a french student and i have to make an applet with windows 7 to sign a document with firefox's certificates.
Thanks a lot for your example but it doesn't work on my computer, i have this error :
java.security.ProviderException: Could not initialize NSS
at sun.security.pkcs11.SunPKCS11.(SunPKCS11.java:212)
at sun.security.pkcs11.SunPKCS11.(SunPKCS11.java:107)
at sample.applet.PKCS11Signer.setProperties(PKCS11Signer.java:91)
at sample.applet.SignApplet.createSigner(SignApplet.java:155)
at sample.applet.SignApplet.init(SignApplet.java:377)
at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter.init(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: NSS initialization failed
at sun.security.pkcs11.Secmod.initialize(Secmod.java:223)
at sun.security.pkcs11.SunPKCS11.(SunPKCS11.java:207)
Do you have any idea why i have that?
Thanks in advance for your help,
Best regards,
Olivier.
I'm a french student and i have to make an applet with windows 7 to sign a document with firefox's certificates.
Thanks a lot for your example but it doesn't work on my computer, i have this error :
java.security.ProviderException: Could not initialize NSS
at sun.security.pkcs11.SunPKCS11.(SunPKCS11.java:212)
at sun.security.pkcs11.SunPKCS11.(SunPKCS11.java:107)
at sample.applet.PKCS11Signer.setProperties(PKCS11Signer.java:91)
at sample.applet.SignApplet.createSigner(SignApplet.java:155)
at sample.applet.SignApplet.init(SignApplet.java:377)
at com.sun.deploy.uitoolkit.impl.awt.AWTAppletAdapter.init(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: NSS initialization failed
at sun.security.pkcs11.Secmod.initialize(Secmod.java:223)
at sun.security.pkcs11.SunPKCS11.(SunPKCS11.java:207)
Do you have any idea why i have that?
Thanks in advance for your help,
Best regards,
Olivier.
Comments