What is NakovDocumentSigner?
NakovDocumentSigner is a framework for digitally signing documents in Java-based Web applications. It is a freeware open-source project initiated by Svetlin Nakov and provides Web applications with digital signature functionality based on Public Key Infrastructure (PKI). NakovDocumentSigner consists of a digital signer applet and a reference Web application for signature and certificate verification. It supports signing with a PKCS#12 certificate keystore file and with a smart card.
The DigitalSignerApplet is a Java applet that signs files on the client's machine before they are uploaded to the Web server. It is intended to be integrated into HTML file-upload forms and provides digital signature functionality based on public key cryptography and X.509 certificates. The applet lets the user locate their PKCS#12 certificate keystore file (.PFX or .P12 file) and enter the password for accessing it. It then signs the file selected for uploading with the private key from that keystore and puts the calculated signature, along with the full certificate chain from the keystore, in the HTML form. When the form is submitted, the calculated signature and the user's full certificate chain are transmitted to the server along with the file selected for uploading. The applet is digitally signed so that it can run with full permissions on the client machine, and it requires Java Plug-In 1.4 or later on the client.
The SmartCardSignerApplet works the same way as the DigitalSignerApplet, but it signs files in the client's Web browser with a smart card. It needs a PKCS#11 implementation library and the PIN code for accessing the smart card. The applet requires Java Plug-In 1.5 or later.
The sample Web application is intended to illustrate how the digital document signing process, powered by the digital signer applet, can be integrated into Java-based Web applications. The sample application is based on the Struts framework and shows how signed files can be received and how their digital signatures can be verified on the server. In addition, the sample application shows how user certificates and certificate chains can be verified. User certificates are verified in two ways: directly and by verifying their certificate chains. In practice, this sample application can be used as a framework for integrating Public Key Infrastructure (PKI) and digital document signing into Web applications.
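The server-side checks described above, written out as an added example (this is not NakovDocumentSigner's own code). The class and method names, the Base64/PkiPath encoding of the chain form field and the SHA256withRSA algorithm are assumptions, and "direct" verification is read here as a check against a trusted issuer certificate.

```java
import java.io.ByteArrayInputStream;
import java.security.*;
import java.security.cert.*;
import java.util.*;

public class SignedUploadVerifier {
    // Assumption: the chain form field holds Base64 of a PkiPath-encoded chain.
    static CertPath parseChain(String b64) throws GeneralSecurityException {
        byte[] der = Base64.getDecoder().decode(b64);
        return CertificateFactory.getInstance("X.509")
                .generateCertPath(new ByteArrayInputStream(der), "PkiPath");
    }
    // Checks the submitted signature over the uploaded bytes with the signer's key.
    static boolean verifySignature(PublicKey key, byte[] file, byte[] sig, String alg)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance(alg);
        s.initVerify(key);
        s.update(file);
        return s.verify(sig);
    }
    // "Direct" check (assumed meaning): within validity period and signed by a trusted issuer.
    static boolean issuedDirectlyBy(X509Certificate cert, Collection<X509Certificate> issuers) {
        try { cert.checkValidity(); } catch (CertificateException e) { return false; }
        for (X509Certificate ca : issuers) {
            try { cert.verify(ca.getPublicKey()); return true; }
            catch (GeneralSecurityException e) { /* not signed by this issuer; try the next */ }
        }
        return false;
    }
    // Chain check: PKIX path validation up to a trusted root; throws if the path is invalid.
    static void validateChain(CertPath chain, Set<TrustAnchor> roots) throws GeneralSecurityException {
        PKIXParameters params = new PKIXParameters(roots);
        params.setRevocationEnabled(false); // no CRL/OCSP source is configured in this example
        CertPathValidator.getInstance("PKIX").validate(chain, params);
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway key pair stands in for the signer's certificate key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        byte[] file = "constructed sample upload".getBytes("UTF-8");
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate()); s.update(file);
        byte[] sig = s.sign();
        System.out.println("original: " + verifySignature(kp.getPublic(), file, sig, "SHA256withRSA"));
        file[0] ^= 1; // simulate a file modified after signing
        System.out.println("tampered: " + verifySignature(kp.getPublic(), file, sig, "SHA256withRSA"));
    }
}
```

The `main` method exercises only the signature check, because building test certificates needs a CA; in a real upload handler the key passed to `verifySignature` would come from the first certificate returned by `parseChain`, after that chain has passed one of the two certificate checks.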