Blitz Smart Card Plugin

To allow your website using a hardware digital signature

Blitz Smart Card Plugin

Do your users have to sign web forms or uploaded documents using their hardware tokens (smartcard or USB devices)? Blitz Smart Card Plugin allows a web page to obtain device properties and to make digital signature. If your website require the ability to strong authenticate users using their hardware keys, our solution allows the browser to retrieve data about the certificate and lets user sign the authentication challenge.

Benefits of Blitz Smart Card Plugin

Universal

Plugin works with popular operating systems (Windows, Linux, macOS) and browsers (Chrome, Firefox, Safari, Internet Explorer, Edge, Yandex.Browser). SafeNet, YubiKey and other PKCS#11 keys are supported.

Easy to integrate

We provide JavaScript API. Embedding the plugin into your website will take only an hour.

User-friendly

Due to step-by-step plugin installation process with contextual help user will prepare his workstation to sign the first document just in a minute.

How it works

Accessing smartcards or USB tokens from website is a tricky puzzle

First of all, you need some special middleware that allow user’s browser to communicate with hardware devices (smart cards and tokens) connected to the PC or call installed crypto providers. Blitz Smart Card Plugin just represents this middleware. This is a browser plug-in that allows web pages to use hardware digital signature devices.

When developing your own plug-in, you need to consider the specifics of different browsers. Apple Safari and Microsoft Internet Explorer are currently communicate with plugin through NPAPI or ActiveX. Google Chrome, Mozilla Firefox, Edge use another technology – Native Messaging. To use Native Messaging, you also need to develop a browser extension and register it in the browser extension store.

Users of your websites can use digital signature devices from various vendors and can use different crypto providers. When developing the plug-in, you need to program and test the plug-in with each of the required signature hardware in each supported operating system.

Also, you need to take care of creating a browser plug-in installer for each operating system. Installers must be signed by the manufacturer’s signature, the certificate of which can be verified in the corresponding operating system; otherwise, when installing the plug-in, users will receive warnings from the operating system about the installation of dangerous malicious programs.

Blitz Smart Card Plugin simplifies the task of using a digital signature on a website

You just need to place JavaScript code on your web page. The following actions are available for working with a digital signature:

  • Plug-in initialization – check whether user need to install/update the plug-in or to install the browser extension;
  • Getting a list of cryptographic modules available on the PC;
  • Getting a list of key containers available on the PC and their certificates;
  • Signing data using the specified key container.

The data for signing is specified in the format utf-8, hex or base64.

The signature is generated in the format PKCS#7 or CAdES-BES. Both attached and detached signatures are supported.

Questions?

Contact us for more information about product and demo.