On 2013-02-21 18:39, helpcrypto helpcrypto wrote: > When we have to generate signed copies for a lot of documents (eg: > student course certificates), we use our applet the following way: > > - step 1: authenticate and retrieve certificate to use > - setp 2 (n times): sign using selected certificate > > Of course, there are risks of signing undesired documents, but thats > another story. > Obviously, our smartcard doesnt have the CKF_ALWAYS_AUTHENTICATE PKCS#11 flag. > > We do this A LOT, and this will be great (if possible) through javascript. > Did I say I dont like using Java applets?
In my opinion this is a perfect application for server-based signatures. What's needed is an authorization signature where a responsible person attests that he/she have verified the correctness of the input data that I guess is presented in web format. The attestation would be stored in the information system together with the student information. The student certificates would presumable be distributed in PDF format with the educational institution's signature. The attestation is only of interest for internal processes since the signing individual most likely is unknown by outsiders. There are also huge problems using employee certificates outside of the employer border while a legal entity (organization) certificate actually can be issued by TTPs. Anyway, the Web Crypto API doesn't address traditional signature applications. At least, I cannot see that based on the current draft. Anders > > > > On Thu, Feb 21, 2013 at 4:51 PM, Anders Rundgren > <anders.rundg...@telia.com> wrote: >>> >>> Will it be possible, using Web-Crypto API, to sign in batch-mode? >>> >> >> Like this, I presume: >> http://www.secrypt.de/en/products/digiseal-office-pro >> >> I believe Germany is about the only country using such schemes. >> IMO it is based on an altogether weird interpretation and use of >> the EU signature directive which forces German companies to sign >> e-invoices as individuals, rather than by a server-hosted "company stamp". >> >> This makes the use of batch signatures a necessity for electricity and >> telecom bills since these are issued in huge volumes. >> >> Needless to say Germany is way behind the rest of the world in >> secure e-invoicing. >> >> Anders -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
