views:

20

answers:

1

How can I access Microsoft's Crypto API from a client side Web application? More specifically, access user's Windows-MY certificates through a web browser and use them to encrypt data. I've looked at CAPICOM but it is no longer supported by Microsoft. I've also looked into Java's Cryptographic Excention and MSCAPI provider but it does not provide the functionality I need.

+1  A: 

You have quite a few questions on this topic. This answer relates to all of them.

First: your problems using SunMSCAPI is caused by an unlucky combination of Entrust's CSP prompting for password when it is not necessary and SunMSCAPI using a slightly strange way of deciding whether a certificate has a matching private key. Can you get Entrust to fix their CSP?

Second: if you cannot get Entrust to fix their CSP, your best bet is Java and JNI. I can see that you tried this but gave up. It is possible - it will probably give you a headache, but it is really the only viable cross-browser solution. Of course if you can live with an Internet Explorer-only solution (you mention CAPICOM) you can implement your own ActiveX/COM-object with the exact functionality you need.

Rasmus Faber