SecureBlackbox 16: How do I need sign data stored on the server using the key stored on the client computer?

Note: This article applies only to SecureBlackbox Legacy. For future development please consider using the latest version.

There are several methods:

  • Transfer the certificate and a private key to the server. This option significantly undermines the security of the private key and should be avoided (we mention it here for completeness and your awareness).
  • Transfer the document to the client. Not always possible for security and other reasons. If such a transfer is possible, signing can be done using a client-side module (an application, browser plug-in, Java applet, or ActiveX control), which you need to create. Javascript will not be enough here. Also the client-side module must include functionality to do digital signing, which is not always possible.
  • Calculate the hash of the data on the server and send it to the client. The method is similar to method 2 above with the exception that the document itself is not sent to the client, but only its hash. This method requires that server-side code exists that can embed or merge the signature with the original document.

SecureBlackbox offers the Distributed Cryptography Add-on for those components that support the signing of data (the CMS / CAdES, PDF / PAdES, XMLDSig / XAdES standards and Office document signing). Those components can calculate a hash, send it to the client for signing, and then incorporate the signature to the document. Also, the Distributed Cryptography Add-on includes prebuilt, client-side browser modules (the Java applet, Flash applet, and ActiveX control) that can sign the hash.

The Distributed Cryptography Add-on is an add-on that can be purchased with selected packages (PKIBlackbox, PDFBlackbox, XMLBlackbox, OfficeBlackbox, SecureBlackbox Data Security, and SecureBlackbox Professional).

We appreciate your feedback.  If you have any questions, comments, or suggestions about this article please contact our support team at