Can a server-side PDF be signed with a client-provided digital signature without storing the signature on the server?

Server-Side PDF Signing with Client-Provided Signatures

Issue:

Can a document created on a server be signed by the user's own digital signature without the signature being stored on the server? PHP and JavaScript are not considered sufficient for this task.

Solution:

A client-side module is necessary to perform signing since the private key is stored on the client. JavaScript cannot access this key.

Recommended Approach:

Implement a Java applet that runs within the user's browser to access the signing certificate and private key.

Alternative Option: SecureBlackbox Distributed Signature Add-On

The SecureBlackbox product provides a browser module (Java Applet, ActiveX control, or Flash applet) to facilitate the signing process:

1. The user creates a document on the server.
2. The document is transferred to the client.
3. The Java applet signs the document.
4. The signed document is uploaded back to the server.

Technical Details:

If the document hash is calculated at the server, it must be passed to the client for signing. The signature is then embedded back into the document. However, it may be simpler to transfer the entire document to the client for signing and upload the signed document back.

Available Libraries:

• iText for Java
• SecureBlackbox Java edition

The above is the detailed content of Can a server-side PDF be signed with a client-provided digital signature without storing the signature on the server?. For more information, please follow other related articles on the PHP Chinese website!