views:

290

answers:

1

My company has a web document management application and I have been assigned to find a way to sign pdf files with the user digital certificate.

The pdfs can go from a few kb to over 100Mb, this is over the internet so the signature must take place at the web server.

In order to do this i have built an activeX control that asks the user to choose the certificate, then uploads it to a webpage using WebClient.UploadData sending the certificate as a byte array.

On the web page when i'm trying to sign the pdf document i am getting an error "Key does not exist". This comes to no surprise to me because when i was using the certificate directly over an https connection after i choose the proper certificate i would be prompt for the key. This is not happening with the activeX.

This is how i'm getting the certificate from the user:

private static X509Certificate2 PickCertificate()
        {
            X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
            try
            {
                store.Open(OpenFlags.ReadOnly);

                // pick a certificate from the store
                X509Certificate2 cert = X509Certificate2UI.SelectFromCollection(store.Certificates, "Title", "Message", X509SelectionFlag.SingleSelection)[0];

                // show certificate details dialog
                X509Certificate2UI.DisplayCertificate(cert);
                store.Close();
                return cert;
            }
            finally { store.Close(); }
        }

How can I ask the user to provide the key i am missing?

+4  A: 

You want the user to upload their certificate's private key to the webserver so that it may sign PDFs? If so, that's fundamentally broken from a security perspective.

I think you may have missed the point that public certificate != private key. (Most of us are sloppy and use the word "certificate" to refer to either (or both) of those things, so that's not entirely suprising). Going from memory, the CryptoAPI only has a select set of methods that will allow you to access the key. There must be an "export as PFX" method amongst those, so you could make your design work if you really, really wanted to, but there's no way I'd recommend this. (Risk of sending private keys to webserver, broken non-repudiation, etc etc).

If you really must do the signing on the server [I don't really understand your argument, signature should not add much data to the upload], then you should probably consider a multi-tiered architecture, and a key escrow mechanism. This way you can at least minimize some of the security concerns (but you'll still lose non-repudiation... and introduce other risks. No free lunch here).

So... you probably need to consider re-architecting your application so that PDF signature occurs on the client (in your ActiveX control), before the PDF file is uploaded. I imagine you will need a 3rd-party library for the signature step as discussed in this SO thread.

Martin Carpenter
The previous version to sign pdfs worked on the client side. This is a problem when you want to sign a 100Mb document because you would have to upload it through the web. Just imagine how lont it would take on a 15kb/second upload connection...
Sergio
download/sign/upload? I see. Then you either will need to send the keyfile up to the server, which is dangerous, or implement an escrow system (which will take work and may not even be possible depending on your target audience). Legal (liability) implications in either scenario.
Martin Carpenter
I am getting the certificate from a smartcard. Do you have any ideia on how i can get the key?
Sergio
You're probably out of luck in this case. Inaccessibility of the private key is one of the design criteria.
Martin Carpenter