QA/Signed Text: Difference between revisions

From MozillaWiki
< QA
Jump to navigation Jump to search
No edit summary
Line 66: Line 66:


==Decoding==
==Decoding==
Once you submit the signed form to the server, you can verify the signature using the <code>signver</code> tool from the NSS libraries.


$ signver -d . -a -i  signedData.txt< sig.txt
signatureValid=yes


==Links==
==Links==
http://docs.sun.com/source/816-6152-10/sgntxt.htm
http://docs.sun.com/source/816-6152-10/sgntxt.htm

Revision as of 05:42, 6 September 2008

Background

Firefox has a feature to allow users to digitally sign form data before it is sent to the server for processing. This page describes that feature of Javascript, called crypto.signText().

UI

SignText01.png

Code Sample

Here is some sample code that will show how the crypto.signText() function works in Firefox. 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta name="Author" content="Bob Lord" />
    <script type="text/javascript">
    var shoppingCart = "Bill of Sale\n--------------------\n\
3 Tires      $300.00\n\
1 Axle       $795.00\n\
2 Bumpers    $500.00\n\
--------------------\n\
Total Price $1595.00";

    function submitMyForm() {
    var element = document.getElementById('mytext');  
    element.innerHTML=crypto.signText(shoppingCart,"ask");
    }
    </script>
    <title>
      Form Signing Example
    </title>
  </head>
  <body>
    <p>
      <b>Shopping Check Out</b>
    </p>
    <p>
      Your shopping cart has the following items in it:
    </p>
    <pre>
      <script type="text/javascript">
      document.write(shoppingCart);
      </script>
    </pre>
    <p>
    If you are ready to check out, click here to digitally sign the order and to submit it.
    </p>
    <form id="input" onclick="submitMyForm();" action="#">
      <input type="submit" value="Submit my order!" />
    </form><br />
    <hr />
    <p>
      This is what the server will see:
    </p>
    <div id="mytext2"
    style="font-family:monospace; display:table; font-size:8pt; padding: 5px; border:thin solid;">
        <pre id="mytext">Signed text will show up here.</pre>
    </div>
    <p>
      &nbsp;
    </p>
  </body>
</html>

Decoding

Once you submit the signed form to the server, you can verify the signature using the signver tool from the NSS libraries. 

$ signver -d . -a -i  signedData.txt< sig.txt 
signatureValid=yes

Links

http://docs.sun.com/source/816-6152-10/sgntxt.htm

Retrieved from "https://wiki.mozilla.org/index.php?title=QA/Signed_Text&oldid=107725"