Introduction

Welcome to PKI Agent, a lightweight solution that simplifies in-browser signing using system certificates.

PKI Agent bridges the gap between system certificates and browsers. With PKI Agent, you can sign web application data in your browser using the certificates on your local machine. Web applications communicate with PKI Agent over a simple REST API to initiate the signing process. PKI Agent runs on the system, outside of the browser, and prompts the user to select a system certificate to use when an inbound signing request is received.

PKI Agent only listens for requests from localhost and always requires the user's approval before a signature is created. PKI Agent supports certificates from all common sources including:

  • Hardware tokens such as YubiKey, DigiCert, and any PKCS#11-compatible device.
  • Certificates installed in the Windows Certificate Store.
  • File-based certificates including PFX and PEM files.

Example Use Case - Document Signing

Sign documents securely using your hardware token with a web application that runs in a browser.

In-browser web applications run in a sandbox, which prohibits them from accessing security keys residing outside of the browser. These restrictions impose significant limits on what web applications can do from a security perspective. For example, a web application cannot let its users sign online documents with their hardware security keys, as those keys cannot be directly accessed from the browser.

PKI Agent addresses this by providing signing functionality that runs outside of the browser but can easily be invoked from within the browser via API requests. By making signing requests to PKI Agent's API, the web application can use system security keys (with authorization from the user) to create a signature.

Example Use Case - Identity Verification

PKI Agent allows web applications to challenge a user in order to verify their identity. The web application can request that the user sign data using PKI Agent, then examine the resulting signature to confirm that the data was signed with the expected certificate. The data which PKI Agent signs is arbitrary, so the web application can ask the user to sign any data it wishes.
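The server-side half of this check, as an added example (not code from PKI Agent or its vendor): issue a fresh, purpose-bound challenge, then accept a signature over it only once, only before it expires, and only if it verifies against the expected certificate's public key. It does not call PKI Agent's API, since the request and response formats are not shown on this page; a locally generated key pair stands in for the user's certificate, and the signature encoding (SHA-256 over the exact challenge bytes, in a form Node's crypto.verify accepts) and all names are assumptions.

```javascript
// Added example: challenge issue/verify logic for the identity check above.
// Assumption: the returned signature is SHA-256 based and covers the exact
// challenge bytes. PKI Agent's real output format is not shown on this page.
const crypto = require('node:crypto');

const CHALLENGE_TTL_MS = 60_000;   // hypothetical challenge lifetime
const pending = new Map();         // challengeId -> { userId, data, expires }

// Build a challenge that is unpredictable and states its purpose, so the
// signed bytes cannot pass as a document or as another site's request.
function issueChallenge(userId, origin, now = Date.now()) {
  const id = crypto.randomUUID();
  const nonce = crypto.randomBytes(32).toString('base64');
  const data = Buffer.from(JSON.stringify(
    { purpose: 'identity-verification', origin, userId, id, nonce }));
  pending.set(id, { userId, data, expires: now + CHALLENGE_TTL_MS });
  return { id, data };
}

// Check a returned signature against the expected certificate's public key.
function verifyResponse(id, userId, signature, expectedPublicKey, now = Date.now()) {
  const entry = pending.get(id);
  pending.delete(id);                        // single use, pass or fail
  if (!entry) return 'unknown-or-replayed';
  if (entry.userId !== userId) return 'wrong-user';
  if (now > entry.expires) return 'expired';
  return crypto.verify('sha256', entry.data, expectedPublicKey, signature)
    ? 'ok' : 'bad-signature';
}

// Constructed demo data: generated P-256 keys stand in for certificate keys,
// and sign() stands in for the signature the user approves in PKI Agent.
function demo() {
  const user = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const other = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const sign = (key, data) => crypto.sign('sha256', data, key);
  const app = 'https://app.example';

  const c1 = issueChallenge('alice', app);
  const sig1 = sign(user.privateKey, c1.data);
  const first = verifyResponse(c1.id, 'alice', sig1, user.publicKey);
  const replay = verifyResponse(c1.id, 'alice', sig1, user.publicKey);
  const c2 = issueChallenge('alice', app);
  const wrongKey = verifyResponse(c2.id, 'alice', sign(other.privateKey, c2.data), user.publicKey);
  const c3 = issueChallenge('alice', app, 0);
  const late = verifyResponse(c3.id, 'alice', sign(user.privateKey, c3.data), user.publicKey, CHALLENGE_TTL_MS + 1);
  return { first, replay, wrongKey, late };
}
```

In a deployment the expected public key comes from the certificate enrolled for that user, and certificate validity and revocation are checked separately from the signature itself.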

REST API

The following endpoints are supported:

  • Request Authorization: GET /authorize
  • Sign Data: POST /sign

Additional Information

You will always find the latest information about PKI Agent at our web site: www.nsoftware.com. We offer free, fully-functional 30-day trials for all of our products, and our technical support staff are happy to answer any questions you may have during your evaluation.

Please direct all technical questions to support@nsoftware.com. To help support technicians assist you as quickly as possible, please provide a detailed and accurate description of your problem, the results you expected, and the results that you received while using our product. For questions about licensing and pricing, and all other general inquiries, please contact sales@nsoftware.com.

Thank You!

Thank you for choosing PKI Agent. We realize that you have a choice among tools, and that by choosing us you are counting on us to be a key component in your business. We work around the clock to provide you with ongoing enhancements, support, and innovative products, and we will always do our best to exceed your expectations!