open-eid / chrome-token-signing

DEPRECATED Chrome and Firefox extension for signing with your eID on the web
https://github.com/open-eid/chrome-token-signing/wiki
GNU Lesser General Public License v2.1

RFE: Add support for signing UTF-8 text #165

Closed minfrin closed 1 year ago

minfrin commented 4 years ago

The Firefox web browser used to support a JavaScript function called crypto.signText() that presented some text to the end user, and invited the user to sign the text with a digital certificate.

This was removed from the Firefox project without a replacement.

I propose the same functionality be added to chrome-token-signing, so as to make it possible to sign text as was possible before.

martinpaljak commented 4 years ago

This is not in the scope of this project. Here the scope is mainly ETSI-defined signature formats (asic containers) and interfacing with the hardware to get such technical signatures. Implementation of UI or signature container/format generation is up to the application developers. It was removed for a reason from FF.

minfrin commented 4 years ago

The Firefox project never provided the reason for removal of crypto.signText(), and the need exists still.

Currently id.ee is the closest plugin that I have found that is able to sign documents - unfortunately the current API signs an opaque hash, and there is therefore no way to guarantee to an end user what they're signing.

signText (as in show the end user some text, ask them to sign that text and no other text) solves this problem.

martinpaljak commented 4 years ago

And this is a clear design decision, both good and bad. WYSIWYG is a valid concern, but not in the scope of this thing.

metsma commented 4 years ago

> signText (as in show the end user some text, ask them to sign that text and no other text) solves this problem.

It is not so simple. We then also need some sort of hashing, and when you validate the signature you need to know the hash algo and also the message digesting procedures.

minfrin commented 4 years ago

> It is not so simple. We then also need some sort of hashing, and when you validate the signature you need to know the hash algo and also the message digesting procedures.

The problem is already solved - the crypto.signText() implementation is a starting point.

I want the ability to sign other things, like PDFs and DNSSEC zone files, but those are details.

metsma commented 3 years ago

But these require some sort of hashing beforehand, and you can create the hash and sign it with hwcrypto.

kristelmerilain commented 1 year ago

Thank you for the feedback. I will close this issue since the active development and management of the Token Signing component has ended due to the transition to the new web authentication and signing solution (Web eID). We are happy to accept your proposals in the new Web eID project repository: https://github.com/web-eid.
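
The point raised in the thread, that a verifier must know the hash algorithm and the message digesting procedure, shown as an added example (Node.js; not code from the thread, chrome-token-signing or hwcrypto). The request record, its field names and the allow-lists are assumptions made for illustration, and the sample strings are constructed.

```javascript
const nodeCrypto = require('crypto');

const HASHES = ['sha256', 'sha384', 'sha512'];  // assumed allow-list
const FORMS = ['NFC', 'NFD', 'NFKC', 'NFKD'];   // Unicode normalization forms

// Digesting procedure: text -> normalized text -> UTF-8 bytes -> hex digest.
// form = null skips normalization (the failure mode shown in sampleRun()).
function digestText(text, { hash = 'sha256', form = 'NFC' } = {}) {
  if (!HASHES.includes(hash)) throw new Error('unsupported hash: ' + hash);
  if (form !== null && !FORMS.includes(form)) throw new Error('unsupported form: ' + form);
  const bytes = Buffer.from(form ? text.normalize(form) : text, 'utf8');
  return nodeCrypto.createHash(hash).update(bytes).digest('hex');
}

// Hypothetical record kept with the signature so a verifier can repeat the
// procedure. A hash-only signing API would see just the `hex` field.
function buildSignRequest(text, { hash = 'sha256', form = 'NFC' } = {}) {
  return { hash, form, encoding: 'utf-8', hex: digestText(text, { hash, form }) };
}

// Verifier side: recompute the digest of the text that was shown, using the
// recorded procedure, and compare it with the digest that was signed.
function matchesSignedDigest(shownText, request) {
  let recomputed;
  try {
    recomputed = Buffer.from(digestText(shownText, request), 'hex');
  } catch (e) {
    return false; // unknown algorithm or normalization form
  }
  const signed = Buffer.from(String(request.hex), 'hex');
  return recomputed.length === signed.length &&
    nodeCrypto.timingSafeEqual(recomputed, signed);
}

// Constructed sample: the two strings render identically but differ in bytes.
function sampleRun() {
  const composed = 'Pay 100 EUR to Zo\u00eb';    // precomposed e-diaeresis
  const decomposed = 'Pay 100 EUR to Zoe\u0308'; // e + combining diaeresis
  const request = buildSignRequest(composed);
  return {
    sameWithNFC: digestText(composed) === digestText(decomposed),
    sameWithoutNormalization:
      digestText(composed, { form: null }) === digestText(decomposed, { form: null }),
    shownTextMatches: matchesSignedDigest(decomposed, request),
    otherTextMatches: matchesSignedDigest('Pay 900 EUR to Zo\u00eb', request),
  };
}
```
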