Basic Problem to Solve
A PDF file that a user created/uploaded to my website needs to be digitally signed/stamped with a CAC card by another user.
WITHOUT BEING DOWNLOADED
Assumptions
The file contains multiple named SignatureFields with byte ranges already defined.
Why Not Download and Re-upload?
While downloading and re-uploading the file would be simpler, this is not an option due to constraints set by my boss.
Current Approach and Understanding
Key Insights
Webpage Limitations: Webpages cannot access signer-held digital signature certificates directly due to security restrictions (air gap) between webpages and client machines.
Security Concerns: This air gap is crucial for preventing unauthorized access to client-side certificates.
Desktop App Solution
To work around the limitations of web access to certificates, I've decided to build a desktop app using WinUI 3 and WebView2. The desktop app will load the website, providing a bridge to access the certificates securely.
Detailed Plan
Load Website in Desktop App:
Use WinUI 3 with WebView2 to load the website within the desktop app.
Endpoint for PDF Retrieval:
Create an endpoint on the site for retrieving the PDF.
When a user clicks a button on the site, the app will fetch the PDF via this endpoint.
PDF Handling:
Load the PDF into a local cache within the app (not downloaded in the conventional sense).
Digital Signature with CAC Card:
Use pkcs.dll to interact with the smartcard.
Either bundle the DLL with the app or reference the DLL location on the user's machine.
When signing, the DLL will prompt the user to select their smartcard and enter their PIN.
The app will digitally stamp the signature onto the specified acrofield in the PDF.
Uploading Signed PDF:
Implement an "Apply Signature" button that posts the signed PDF back to an upload endpoint on the server.
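Technical Steps
JavaScript in WebView2 to Fetch PDF:
Invoke JavaScript from WinUI 3 App:
```csharp
// ExecuteScriptAsync returns the script result as JSON and does not await
// Promises, so the page posts the PDF bytes back to the host as base64.
string script = @"
    async function fetchPDF(url) {
        const response = await fetch(url);
        const blob = await response.blob();
        const arrayBuffer = await blob.arrayBuffer();
        const bytes = new Uint8Array(arrayBuffer);
        let binary = '';
        for (const b of bytes) binary += String.fromCharCode(b);
        window.chrome.webview.postMessage(btoa(binary));
    }";
await webView.ExecuteScriptAsync(script);
// Receive the base64 string in the app and convert it to a byte array
webView.CoreWebView2.WebMessageReceived += (sender, args) =>
{
    byte[] pdfBytes = Convert.FromBase64String(args.TryGetWebMessageAsString());
    // Store pdfBytes in the in-memory cache
};
// Call the function with the PDF URL
await webView.ExecuteScriptAsync("fetchPDF('https://example.com/your-pdf.pdf');");
```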
Handle PDF Content in WinUI 3:
Convert the array buffer to a byte array and store it in a cache.
Use pkcs.dll to sign the PDF.
Upload Signed PDF:
Implement an HTTP POST request in the app to send the signed PDF to the server.
Example Code for Signing and Uploading
```csharp
using System;
using System.Net.Http;
using System.Threading.Tasks;

// Function to load the PDF from the cache
byte[] LoadPDFCache()
{
    // Logic to load PDF from cache
    throw new NotImplementedException();
}

// Function to sign the PDF; returns the signed bytes
byte[] SignPDF(byte[] pdfData)
{
    // Use pkcs.dll to sign the PDF
    // Show smartcard selection and PIN prompt
    // Stamp the signature on the PDF's SignatureField
    throw new NotImplementedException();
}

// Function to upload the signed PDF
async Task UploadSignedPDF(byte[] signedPdfData)
{
    using (var client = new HttpClient())
    {
        var content = new ByteArrayContent(signedPdfData);
        var response = await client.PostAsync("https://example.com/upload-endpoint", content);
        if (response.IsSuccessStatusCode)
        {
            // Handle successful upload
        }
        else
        {
            // Handle upload failure
        }
    }
}

// Main function
async Task MainFunction()
{
    // Load and sign the PDF
    var pdfData = LoadPDFCache();
    var signedPdfData = SignPDF(pdfData);
    // Upload the signed PDF (the signed bytes, not the original ones)
    await UploadSignedPDF(signedPdfData);
}
```
So I dropped my thoughts into chatgptizzle before bothering the world but I feel like there are shortcomings in my thought process and what Ol' gipity has "helped" with (or what it 💩 out)
I was looking to get some ideas please 😅
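An added example, not part of the original post and not code from any PDF library: before the smartcard signs anything, the app can check that the prepared /ByteRange the post assumes covers the whole file except the /Contents placeholder, and extract exactly the bytes that get hashed. The function names and the sample buffer are constructed for illustration, and it assumes the signature being completed is the last /ByteRange in the file.

```javascript
// Added example: validate a prepared signature's /ByteRange before hashing.
const toLatin1 = bytes => Array.from(bytes, b => String.fromCharCode(b)).join('');

function signedRanges(pdf) {
  const text = toLatin1(pdf); // one char per byte, so string indices are byte offsets
  const re = /\/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]/g;
  const matches = [...text.matchAll(re)];
  if (matches.length === 0) throw new Error('no /ByteRange found');
  // Assumption: the signature being completed is the last /ByteRange in the file.
  const [off1, len1, off2, len2] = matches[matches.length - 1].slice(1).map(Number);
  const holeStart = off1 + len1;
  if (off1 !== 0) throw new Error('first range must start at byte 0');
  if (off2 <= holeStart) throw new Error('ranges leave no room for /Contents');
  if (off2 + len2 !== pdf.length) throw new Error('second range must end at end of file');
  const hole = text.slice(holeStart, off2);
  if (!/^<[0-9A-Fa-f]*>$/.test(hole)) throw new Error('gap is not exactly the /Contents hex string');
  return { ranges: [[off1, len1], [off2, len2]],
           maxSignatureBytes: Math.floor((hole.length - 2) / 2) };
}

// The bytes the signer hashes: everything except the /Contents hex string.
function bytesToSign(pdf) {
  const { ranges: [[o1, l1], [o2, l2]] } = signedRanges(pdf);
  const out = new Uint8Array(l1 + l2);
  out.set(pdf.subarray(o1, o1 + l1), 0);
  out.set(pdf.subarray(o2, o2 + l2), l1);
  return out;
}

// Constructed sample (not a real PDF): only the structure the check reads.
// `extra` appends bytes that the /ByteRange does not cover.
function buildSample(extra = '') {
  const hole = '<' + '0'.repeat(32) + '>';
  const tail = ' >>\nendobj\n%%EOF\n';
  let head = '%PDF-1.7\n1 0 obj\n<< /Type /Sig /ByteRange [0 AAAA BBBB CCCC] /Contents ';
  const a = head.length, b = a + hole.length;
  head = head.replace('AAAA', String(a).padEnd(4))
             .replace('BBBB', String(b).padEnd(4))
             .replace('CCCC', String(tail.length).padEnd(4));
  return Uint8Array.from(head + hole + tail + extra, ch => ch.charCodeAt(0));
}
```

The digest of `bytesToSign(pdf)` is what the card signs; the resulting CMS blob must fit in `maxSignatureBytes` when written into the placeholder.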