JavaScript
js_web, 2018-09-23 20:07:59

How does an electronic digital signature (ECP) work?

Can someone explain in simple terms?
Purpose of the task: sign text messages, sign documents.
I have:
1) CRYPTO PRO CSP
2) CryptoPro Extension for CAdES Browser Plug-in
Can anyone tell me how the signature works and how to validate it on the server?
1) The browser plugin fills in the certificates in the system, we have a list of certificates
2) ...
3) ...
I'm Ivanov Ivan Petrovich and I have a text string. I generated a signature based on my certificate; as a result I have a long Base64 sequence of characters which, as I understand it, is the signature.
What's next? How will the server understand that the signature is real? What do I need to send to the server?
If the string is more or less clear, then how do I get the signature of a file in JS?


4 answer(s)
Alexander, 2018-09-23
@UPSA

then how to get file signature on JS?

Not based on what you have, if you want to do it through JS.
We need the jcp module PROBABLY )))
To score a head, let's start with RSA
Then I'll invent)))
CRYPTO PRO CSP is a kind of algorithm for comparing public and private keys
CryptoPro Extension for CAdES Browser Plug-in - provides a browser exit from its program space. Program launch. Next comes the request to CRYPTO and the call of all certificates. When selected, the public and private keys are compared. This is just the entrance to the page.
Further more difficult ... what do you want to store?
1. DOC - a user from word signs it and sends it (need additional modules)
2. PDF - a user from PDF signs it and sends it (needs additional modules)
3. ZIP - I came across somewhere))). The archive contains the transferred file and all sorts of files to check that the file has not changed.
4. Containers - there is a program that creates a container that is signed with a key and attached to the form. Used in banks.
But it seems to me that you will not like all this)))
CRYPTO PRO server licenses are NEEDED, they are absent in your question.
Therefore, I immediately send, for example, to CRYPTO.
I quote: "Signing XML Documents (XMLDSig);
Signing PDF Documents;
Signing Microsoft Office Documents."

Alexander, 2018-09-23
@sxq

A crypto system is a rather complicated thing; it includes private keys and public keys signed by a trusted certifying authority. After applying the signature, you send somewhere either the resulting file, which contains both the information itself and the signature, or the information and the signature file separately. On the receiving side, they remove the signature based on their private-public key pair (certificate) and by checking the revocation list that the certification center publishes. To exchange information, exchange points must exchange their public keys, which are signed by this certification authority (these are certificates). Private keys should not leave the exchange points.
The browser plugin works with the crypto provider itself and has its own API; you can do a lot of things with it: cpdn.cryptopro.ru/default.asp?url=content/cades/pl... Download the library from the manufacturer and there you can figure out how it works.
To work, you need either a third-party CA, or deploy your own, install the CA root certificate in trusted on the server and client, issue 2 key certificates, for the server and for the client, install a client certificate on the server, install a server certificate on the client, and on the client personal store install your certificate.
Sign on the client, send the file to the server in any way, remove the signature there, get the source file. For all manipulations there is software from the manufacturer.

CityCat4, 2018-09-24
@CityCat4

I explain.
I will say right away that I have no idea what CryptoPro is and why it is, but the electronic signature of, say, an email message looks like this:
- A certain CA that is trusted by both the sender and the recipient (this is a critical condition) issues a certificate to Ivanov Ivan Ferapontovich.
- Ivan Ferapontovich configures his mail program (eg Thunderbird) to sign all outgoing messages.
- Using his certificate key, Ivan Ferapontovich generates an electronic signature that does not protect the text of the letter from being read, but protects it from change. That is, if a change is made to the text of the letter, the signature will not match and a corresponding notification will appear. After that, the letter is sent.
- The recipient checks the correctness of the letter using Ivan Ferapontovich's certificate, which can be transmitted along with the letter. If the signature matches, the recipient sees the "correct electronic signature" icon.
The most important thing here is that both the sender and the recipient trust the certificates used for the signature. If CryptoPro is some kind of state certificate, then it can be used to sign, at least to sign messages.
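
The flow the answers above describe (sign on the client, verify on the server against a signer the server already trusts, reject revoked signers), as an added example that is not part of the thread and is not CryptoPro code. Node's built-in ECDSA stands in for GOST keys and the CAdES container, and the fingerprint allow-list and revoked set are simplified stand-ins for CA chain validation and the revocation list; all function and field names are hypothetical.

```javascript
// Added example: ECDSA P-256 via Node's built-in crypto stands in for the
// GOST keys and CAdES container that CryptoPro would produce.
const crypto = require('crypto');

// Fingerprint of a public key: SHA-256 over its DER (SPKI) encoding.
function fingerprint(publicKeyPem) {
  const der = crypto.createPublicKey(publicKeyPem).export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Client side: sign the bytes (a string or a file Buffer) and build what is sent.
function signOnClient(data, privateKey, publicKeyPem) {
  const bytes = Buffer.from(data);
  const signature = crypto.sign('sha256', bytes, privateKey).toString('base64');
  return { data: bytes.toString('base64'), signature, signerKey: publicKeyPem };
}

// Server side: trust decision first, then the cryptographic check.
function verifyOnServer(msg, trusted, revoked) {
  let fp;
  try { fp = fingerprint(msg.signerKey); } catch (e) { return 'malformed'; }
  if (!trusted.has(fp)) return 'untrusted-signer';
  if (revoked.has(fp)) return 'revoked';
  const ok = crypto.verify('sha256', Buffer.from(msg.data, 'base64'),
    crypto.createPublicKey(msg.signerKey), Buffer.from(msg.signature, 'base64'));
  return ok ? 'valid' : 'bad-signature';
}

// Constructed sample: one enrolled signer and one key the server has never seen.
function demo() {
  const gen = () => crypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1',
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const ivanov = gen(), unknown = gen();
  const trusted = new Set([fingerprint(ivanov.publicKey)]);
  const msg = signOnClient('I agree to the contract', ivanov.privateKey, ivanov.publicKey);
  const changed = { ...msg, data: Buffer.from('I agree to nothing').toString('base64') };
  const foreign = signOnClient('I agree to the contract', unknown.privateKey, unknown.publicKey);
  return {
    genuine: verifyOnServer(msg, trusted, new Set()),
    changed: verifyOnServer(changed, trusted, new Set()),
    foreign: verifyOnServer(foreign, trusted, new Set()),
    revoked: verifyOnServer(msg, trusted, new Set([fingerprint(ivanov.publicKey)])),
  };
}

console.log(demo());
```

The `foreign` case is the one to note: its signature is mathematically correct for the key sent with it, so a server that verifies only against whatever key or certificate arrives with the message would accept it.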
