Cryptography
Maxim Ivanov, 2016-10-13 16:10:27

What does authentication and authorization with ES on the client side mean?

So I wrote an authorization form (login and password); in fact, this is one-factor authorization. The customer has a requirement to authenticate and authorize by account (login and password) with an ES.
The electronic signature on the client side in the web interface is called by third-party Chrome plugins, but the question is, what kind of data should I sign? Is this what I do, sign the login and password? Or am I not understanding something?

2 answer(s)
Andrew, 2016-10-13
@splincodewd

The server must generate a small (for example, 16 bytes) but unique (never repeated) text, and the client must sign it. After that, the server checks whether the same text was signed by the client, and if the text is correct and the signature is correct, then the client is authenticated. To ensure that the text is unique, it usually includes the current date/time with high precision, for example, to milliseconds in a time zone that does not have daylight saving time, such as UTC (to avoid the risk of an hour repeating when the clocks are moved back).
P.S. I recommend: Menezes et al., Handbook of Applied Cryptography, 10.3.3, section (ii)
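
The exchange described in the answer above, as an added example that is not part of the original thread: the server issues a single-use challenge (UTC timestamp plus 16 random bytes), the client signs it, and the server checks both the challenge and the signature. Ed25519 from Node's `crypto` module stands in for the ES plugin, and every name (`issueChallenge`, `verifyLogin`, the `login-auth-v1` prefix, the 60-second lifetime) is an assumption made for illustration.

```javascript
// Added example, not code from the thread. All names are hypothetical.
const nodeCrypto = require('crypto');

const CHALLENGE_TTL_MS = 60_000;
const pending = new Map();    // challenge -> { login, issuedAt }, single use
const publicKeys = new Map(); // login -> public key registered at enrolment

// Server: issue a never-repeating challenge (UTC ms timestamp + 16 random bytes).
function issueChallenge(login, now = Date.now()) {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  const challenge = `${new Date(now).toISOString()}.${nonce}`;
  pending.set(challenge, { login, issuedAt: now });
  return challenge;
}

// Both sides: the exact bytes that get signed. The fixed prefix and the login
// bind the signature to this purpose, so it cannot pass as a signed document.
function signedMessage(login, challenge) {
  return Buffer.from(`login-auth-v1\n${login}\n${challenge}`, 'utf8');
}

// Client: sign the server's challenge with the private key.
function clientSign(privateKey, login, challenge) {
  return nodeCrypto.sign(null, signedMessage(login, challenge), privateKey);
}

// Server: accept only a challenge it issued for this login, once, within the TTL.
function verifyLogin(login, challenge, signature, now = Date.now()) {
  const entry = pending.get(challenge);
  pending.delete(challenge); // consumed even on failure: no second attempt
  if (!entry || entry.login !== login) return 'unknown-challenge';
  if (now - entry.issuedAt > CHALLENGE_TTL_MS) return 'expired';
  const key = publicKeys.get(login);
  if (!key) return 'unknown-user';
  const valid = nodeCrypto.verify(null, signedMessage(login, challenge), key, signature);
  return valid ? 'ok' : 'bad-signature';
}

// Constructed demo data: one enrolled user with a freshly generated key pair.
const alice = nodeCrypto.generateKeyPairSync('ed25519');
publicKeys.set('alice', alice.publicKey);

function demo() {
  const challenge = issueChallenge('alice');
  const signature = clientSign(alice.privateKey, 'alice', challenge);
  const first = verifyLogin('alice', challenge, signature);
  const replay = verifyLogin('alice', challenge, signature); // captured and resent
  return { first, replay };
}
```

The login and password are never what gets signed: the signature covers only the fresh challenge, so a captured response is useless once that challenge has been consumed or has expired.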

Vladimir Dubrovin, 2016-10-13
@z3apa3a

It is not necessary to use third-party plugins at all; you can use https:// client certificate authentication.
