Hi Zhou.
I've been considering this problem a little and we came to a conclusion to
use an applet. You could also do a plugin for your browser but that's alot
of work. We've also tried to hack a specific type of Java browser so that
the <form> tags in HTML are modified... in other words our forms look like
this:
<form="myForm" action="someServlet" sign="signFieldName" method="whatever">
And in here we have a hidden field with the same name as specified
in the sign attribute in the form tag. In this case it's: signFieldName
</form>
We have this browser sign the value... of course this means using only our
browser (which is an open source Java browser we got from somewhere... it's
called ICE Browser I think).
But the way we'll go is probably the Applet. You can have some javascript
code which sends all the needed information to a signing applet and some
method in the applet that receives that data and generates a signature...
then you can have the javascript insert that value (the signiture) to a
hidden field on the form and then send the form... your servlet would then
get the form and simply retrieve the value in the hidden field to get the
client signiture.
We haven't implemented this yet but we've done a prototype which does what I
described above... only thing that's left to do is to be able to sign the
thing with the clients certificate but some people over here say that can be
done.
A pointer if you decide to try this: if you want to access a method in an
applet from javascript, all you have to do is define the method public in
the applet and then just access it like so in the javascript:
document.NameOfApplet.nameOfMethod(Parameters);
Have fun! ;o)
Regards, Stefan
-----Original Message-----
From: A mailing list about Java Server Pages specification and reference
[mailto:[EMAIL PROTECTED]]On Behalf Of zhou shuangquan
Sent: 20. okt�ber 2000 00:56
To: [EMAIL PROTECTED]
Subject: encryption and form signing
Hi all,
Sorry, I'm new in JSP and JAVA, and I studied JSSE1.0.2 and JCE1.2.1 ten
days ago. But I'm familiar with Cryptography(SSL included).
My problem is: I want to encrypt and sign some sensitive information on the
client by encrytpion and digital signature operation before sending them to
the server. The server runs JSP. What language/script/technology should I
use to do that, and how?
Thank you in advance.
Zhou shuangquan
[EMAIL PROTECTED]
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
