Signerdigital Digital Sig
✨ AI-Powered 🔍 Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Blocks unauthorized access to sensitive documents by providing digital signatures for eReturns, PDFs, and web user authentication, while also supporting RSA encryption and decryption, certificate enrollment, and download on smartcards, benefiting professionals in finance, law, and government who require robust security measures. Lets you securely manage and verify the authenticity of important documents, ideal for users working with sensitive information. Integrates with various platforms to streamline digital signature processes, catering to a wide range of industries that rely on secure authentication methods.
Overview
This extension does not require Java Runtime (JRE) on Windows, Linux or Mac.
Digital Signature Chrome Extension: Signer.Digital Chrome Extension by Chartered Information Systems Pvt. Ltd., India is chrome extension for Digitally Signing Returns, XML, Hash, Content, Document, PDF, Data Encryption/Decryption, etc from Browser using Certificate in Smart Cards, USB Tokens, PFX file on User's System, User's Local Certificate Store or Hardware Security Modules (HSM), Signer.Digital Signing Web APIs. Also has API for Certificate Enrollment/Download on Smartcard or USB Token directly form the modern browsers. API for list of connected Smartcard may be used to detect connected Smartcard or USB Token.
JULY 2022 - Added support for ICP-Brazil and ITIDA Egypt.
Windows Host application used by this extension may be Downloaded from:
https://downloads.signer.digital/Signer.Digital.Browser.Extension.Setup.zip
User has full control on Allowed Origins. Before every action (operation), Extension Host shows dialog and user can choose 'Deny', 'Allow Once', 'Always Allow' and 'Manage Origins'.
To check working of this extension visit https://web.signer.digital
Contact us for Linux and Mac Host application.
Most of the JavaScript API in Signer.Digital Browser Extension is completely FREE to use (Only API GenerateCSR and ImportCert - which are mainly used by Certifying Authorities for Certificate Issuance is not free.) Certifying authorities are requested to contact info@signer.digital to enable their 'Issuer Name' in the Signer.Digital Browser Extension.
Chartered Information Systems also provides secure Slots in HSM hosted in Multi Tenant mode, for digital signing.
This extension is widely used for Digitally Signing PDF Documents from Browser, Web Authentication using Digital Certificate, Signing eReturns, AuthTokens, Data Encryption/Decryption using Smartcard or USB Token connected to user's browser.
Works on Chrome and Chromium base Edge browsers.
Sample Code, Walk-through, and Source code of Windows Integration project is available at https://help.signer.digital/digital_signing_and_authentication_from_web_browser.htm
Signer.Digital.Weblib is free for single page signing from .NET web application
Tags
Privacy Practices
Security Analysis — Signerdigital Digital Sig
Permissions
Code Patterns Detected
External Connections
Package Contents 13 files · 86KB
What This Extension Does
Signerdigital Digital Sig is a productivity extension that digitally signs eReturns, PDFs, and web user authentication using RSA encryption/decryption. It supports certificate enrollment/download on smartcards and USB tokens. With over 3 million users, it's widely used for digital signing and authentication from the browser.
Permissions Explained
- nativeMessagingcheck this: This permission allows the extension to communicate with native applications installed on your system.
Technical: The nativeMessaging API enables communication between Chrome extensions and native applications, potentially exposing sensitive data. Attack surface: high. ⚠ 1
Your Data
Signerdigital Digital Sig accesses user certificates stored on smartcards or USB tokens, as well as keystrokes and page content for digital signing purposes.
Technical Details
- stackoverflow.com
- downloads.signer.digital
- HTTPS
- keystrokes
- page content
Code Findings
This extension uses innerHTML assignment, which can be exploited by malicious scripts to inject arbitrary HTML code.
Technical: The extension's JavaScript files (e.g., script.js) contain the following pattern: innerHTML = .... This can lead to XSS attacks if user input is not properly sanitized.
💡 This pattern is commonly used in legitimate extensions for dynamic content rendering.
Similar to the previous finding, this extension uses insertAdjacentHTML, which can also be exploited by malicious scripts.
Technical: The same JavaScript files contain the following pattern: insertAdjacentHTML(...).
💡 This pattern is commonly used in legitimate extensions for dynamic content rendering.
The extension uses String.fromCharCode to obfuscate code, making it harder to analyze.
Technical: The JavaScript files contain the following pattern: String.fromCharCode(...).
💡 This pattern is commonly used in legitimate extensions for encoding/decoding data.
The extension captures keystrokes, which can be a concern for user privacy and security.
Technical: The extension's JavaScript files contain the following pattern: document.addEventListener('keydown', ...).
💡 This pattern is commonly used in legitimate extensions for password management or other sensitive data handling.
Signerdigital Digital Sig has some security concerns, primarily related to potential XSS vectors and keystroke capture. While it's widely used for digital signing and authentication, users should exercise caution and consider the risks associated with this extension.
