问题
Looking for Javascript code to sign GST or Income Tax eReturns from Browser using USB Token.
回答1:
Recently much is being talked about WebCrypto API but as of now, WebCrypto API does not provide access to (Windows) or any other Key stores or local crypto USB/Smartcard device. Older methods being java applets, Active X, etc which are phased out or are being phased out from the Modern Browser offerings.
Most of the web applications require Digital Signing pdf documents, files, eReturns (XML or JSON) etc, from user’s Browser using user’s local machine Key-store, USB Token or Smartcard.
Also in most of the signing scenarios, for requirement to protect data within the server boundaries, it’s not recommended to send complete pdf file or data to browser or to signing API server.
Thus, its good practice, to use JavaScript through browser extension to access some application running on local system to access local KeyStore and produce the signature and send back (PKCS7 or CMS container in case of PDF signing) to server where the signature may be injected back to PDF or eReturn from which hash was created for signing and was sent to browser.
For browser based signing scenarios, one such free Chrome extension available is Signer.Digital chrome extension. Local system (host running behind the chrome browser on windows) may be downloaded from https://download.cnet.com/Signer-Digital-Chrome-Extension/3000-33362_4-78042540.html Installing this host and restarting Chrome will automatically add Signer.Digital Chrome Extension
The actual working of this extension is illustrated here along with link to complete code walk-through and complete C# source code.
Sample JavaScript and Server side pseudocode code to sign GST return using Signer.Digital Extension:
function getSignature(hash){
//Sign GSTR Return Hash using Signer.Digital Chrome Extension
//This method returns CMS (PKCS7) Signature
SignerDigital.signGstHash(hash)
.then(function(signature){
//send signature to return filing server
},function(error){
//send error to server and/or report error to user
});
}
//For Income Tax Return signing use method:
//This method returns SHA256 Signature
SignerDigital.signITHash(hash, PAN)
Server side pseudocode example to file GSTR3B would be as below:
- User clicked FileReturn button on Browser.
- Call method to download GSTR3B Return summary - ApiAction “RETSUM”
- Call method compute hash of ResponsePayload from step 2 above.
- Send Hash in above step for signing, where above JavaScript method will get GSTR return hash signed using SigherDigital Extension method.
- Return signature (as shown in JavaScript above) to Web application server which will proceed with GSTR3B Filing API call to GSTN server.
If you are using TaxProGST.API free library to file GSTR3B pseudocode would be as below:
- User clicked FileReturn button on Browser.
- Call method GSTR3BAPI.GetGstr3BDataSchedulePayloadAsync – to download GSTR3B Return summary - ApiAction “RETSUM”
- Call method GSTR3BAPI.ComputeReturn3BHash(ResponsePayload from step 2 above)
- Send Hash in above step for signing, where above JavaScript method will get GSTR return hash signed using SigherDigital Extension method.
- Return signature (as shown in JavaScript above) to Web application server
- Server application will proceed with GSTR3B Filing API call to GSTN server using method GSTR3BAPI.FileReturn3BFromBrowser
回答2:
Although webcrypto does not provide access to smart cards, there is an application called FortifyApp that provides a webcrypto polyfill that does via that same interface.
You can read about how it works here.
The documentation for the interface is here: https://peculiarventures.github.io/webcrypto-local/docs/
来源:https://stackoverflow.com/questions/55691584/how-to-digitally-sign-gst-return-or-ereturn-using-javascript-form-browser-and-us