Digital signature: how to implement the work of the IT department?

V

V Sh.2017-02-21 15:43:38

JavaScript

V Sh., 2017-02-21 15:43:38

Good day!
At work, they set the task of implementing an information system through which users apply for access to various resources. I'm going to use ASP.NET MVC (C#) + Oracle. There are no problems with writing the application itself, however, the customer wants to implement the signing of documents (applications) with an electronic signature: i.e. the user submits an application, an employee of the IT department processes it and signs it with his EDS, after which the application is sent to work. Actually the question is: how to implement work with an electronic signature?
I read intensively about electronic signatures, but I just can’t get rid of the mess in my head. Suppose there is an application form (html) filled out. We serialize it into JSON, then we must sign this JSON with an EDS and store it in the database, next to the application itself. Is this the right idea? How is the signing process going? Maybe there are ready-made free solutions?
Now I'm struggling with CryptoPro EDS Browser plug-in, but so far I don't have enough understanding.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

Danbka, 2017-02-21
@Danbka

If the application form means just an HTML form, then in principle you are right: you serialize the form data, for example, into json. You sign the resulting string using the CryproPro Browser Plugin (probably, an interface will be needed here to select the certificate that will be used to sign the data). You can make the signature detached (after all, you save the form data anyway). Then you transfer all this junk to the server and save it to the database.
You will then be asked to write an interface to verify the signature, but that's another story :)