.
2 Cross-platform Web Browser
The third design requirement is the digital
signature must be available in all cross-platform web
browsers. This includes Internet Explorer,
Google
Chrome and Mozilla Firefox. As a result, a dedicated
web extension for each web browser is built. Web
extension for Internet Explorer is using ActiveX
technology. For Google Chrome, technology applied
is a Chrome extension and native messaging. For
Mozilla Firefox the technology is ‘Add-on’. These
web extension technologies are built using multiple
languages; C++, JavaScript, and combination thereof.
2.3. Identical Core Functionalities Across all
Web Browser
The functionalities of the digital signature solution
are described in three phases, data before signing, data
while signing and data after signing. Prior to sign, the
functionalities are to present the data to be signed to a
user, hash the data to sign using the SHA-256
algorithm and add a button to sign the data.
While
signing, the functionalities are to prompt a list of user
certificates available on the web browser, view the
content of the selected certificate and present a PIN
dialogue for the user to access the private key and
compute the digital signature using RSA 2048-bit key
operation. After signing, the functionalities are to
present the signature and the status of the digital
signature. The format of the digital signature is a raw,
PKCS#1 padded digital signature. Verification of the
digital signature is assisted with a user’s public key
and result in a cryptographic hash value. This hash
value will then be compared to the hash value of the
data to sign. The signature verification is achieved
without the presence of hardware-based tokens.
The prementioned core functionalities are required
to be uniformly featured in all web browsers. Hence,
to support cross-platform web browsers, the codes of
web extension for each of web browsers, must provide
identical functions, inputs, and outputs. The five main
functions across all web browsers are performing sign
on a hash value, get signature value, get user
certificate value, get status of digital signing and get a
web extension version.