PKI Agent

Sign Data from Your Browser

PKI Agent bridges the gap between system certificates and browsers. With PKI Agent, you can sign web application data in your browser using the certificates on your local machine or with a hardware token.

If you are building a web application solution that requires users to create signatures, your users are not able to cryptographically sign data in their browser by default. This is because the browser sandbox lacks direct access to the system store where cryptographic certificates reside. In order for your users to sign your web application data according to universal digital signature standards like PKCS#1 or PAdES, you need a solution like PKI Agent to bridge the gap.

PKI Agent's specialized design helps ensure it integrates seamlessly with your larger solution. The tool simply generates a digital signature with a user-selected certificate for any arbitrary data in a user's browser, then provides the browser access to this signature so that it can be communicated to a web application. The web application solution can handle or process this signature data according to whatever logic is appropriate.

PKI Agent provides users with the ability to select certificates from the system store or hardware tokens to use for signing. PKI Agent hosts a REST API on localhost that the browser can make requests to when it needs a signature. PKI Agent processes the REST request, prompts the user to choose an available certificate, creates a digital signature, and returns this signature data to the browser.

Example: Signing PDFs

Most in-browser PDF signatures are merely an agreement to trust a third party like DocuSign. To instead sign the PDF cryptographically following universal standards like PKCS#1 or PAdES, the user needs to access system certificates via a tool like PKI Agent.

With PKI Agent, developers can build web applications that allow users to sign PDF data cryptographically to ensure trust and non-repudiation. These signatures do not require the use of an external signing authority, but rather allow users to choose a system certificate or security key to create a digital signature.

Since PKI Agent is a general-purpose signing tool, it is up to the developer of the web application to integrate the signature data from PKI Agent into a broader solution like a PDF signature platform. PKI Agent does not determine how the web application should append the signature data to the PDF data, nor does it impose any restrictions on how the signature is used. Please see the PDF Signing article for additional details.

Online Resources

• Getting Started
• Live Demo
• Signing PDFs
• Online Documentation
• Knowledge Base
• Software License