search

hwcrypto / hwcrypto.js

Browser JavaScript library for working with hardware tokens
https://hwcrypto.github.io
MIT License
157 stars 47 forks source link

Add authentication support #27

Open martinpaljak opened 7 years ago

martinpaljak commented 7 years ago

Technical description in https://github.com/open-eid/hwcrypto.js/wiki/Authentication

expiorer commented 7 years ago

Is there any guess when will it be implemented? Until then I use a closed source crappy alternative from https://portal.signwise.org/BE/en/p/about/web-browser-module

ainvaltin commented 7 years ago

I see that in the APIv1 wiki the parameter filter of the getCertificate() method has changed from

TBD - filter for the certificate selection

to

AUTH filter certificates with non-repudiation key usage

Can this be used to ask for auth cert/PIN1? Please add more information about this parameter, ie example how to use it, will it require new browser plugin or will be upgrading just the hwcrypto.js be enough etc.

metsma commented 7 years ago

It is not released, but requires updated plugins (chrome-token-signing 1.0.6 and browser-token-signing 3.13.0) also upgrading hwcrypto.js. Yes this can used to ask for auth cert.

DigitalLeaves commented 6 years ago

I'm very interested in this functionality. Could you possible provide some code examples or some guidance on how to ask for PIN1 and get basic information from the certificate? Thank you in advance!

martinpaljak commented 6 years ago

For verified information, you shall have to verify and parse the certificate in your backend. For a secure user verification, the actual functionality to do it in a secure way is not yet fully implemented.

expiorer commented 6 years ago

I am working on an implementation here: https://test2.zigis.id.lv/ Go to "Iestatījumi" and "Autorizēties" (I am from Latvia) If the authentication is successful, You will be able to access and save settings. I am making digital signature system built on PHP and javascript

DigitalLeaves commented 6 years ago

Thanks @martinpaljak , is there any example of how to verify the signature from the demo code? I mean, in openssl. I am trying to sign something, then send the certificate to the other end alongside a signature, but I get always a false indication.

DigitalLeaves commented 6 years ago

Interesting, thanks @expiorer . I happen to live in Latvia, I am an e-Resident and I am developing a social network for e-Residents (that's why I want to have e-Card authentication). Do you live in Riga? Maybe we can meet!