Plugin

The plugin is available both as an ActiveX component for Internet Explorer web browsers and as a Netscape plugin for Netscape/Mozilla/Firefox/Safari web browsers. The name Netscape plugin refers to the initial implementation in the Netscape web browser; the interface was later adopted by several other web browsers.

Security

Since version 6.1, a control mechanism is included to limit the usage of the plugin: each parameter and operation is limited/checked separately. The default requirements may be updated via configuration parameters:

  • Plugin  AccessGetProperty

  • Plugin  AccessSetProperty

  • Plugin  AccessEnumProperty

  • Plugin  AccessInvoke.

Access

Access for each parameter and operation has one of the following values:

  • 0: blocked, the parameter/function may not be used

  • 1: low, the parameter/function requires the application/site to have access level low

  • 2: use, the parameter/function requires the application/site to have access level use

  • 3: full, the parameter/function requires the application/site to have access level full

The application access level is decided by Plugin  Plugin  Allowed parameter in configuration, default is low.

The site access level is decided by AllowedServers section in configuration, see Technical Description. Default is low.

Value check

Parameters sent to the plugin are also validated: both the value type and the min/max length are checked.

Value types:

  • 0: ignored (no check)

  • 1: bool, only "true", "false", "1" or "0" are accepted

  • 2: number, only digits are accepted (0-9)

  • 3: hexadecimal, only hexadecimal digits are accepted (0-9, a-f, A-F)

  • 4: base64, only base64 characters are accepted

  • 5: oid, only digits and the ‘.’ character are accepted

  • 6: string, character values less than 0x20 will not be accepted

  • 7: url, only characters valid for a URL are accepted

A value length check may also be specified; no length check is made if min and max are both zero.
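The value checks listed above, mirrored in page script so that a value can be rejected with a clear error before it is handed to the plugin. This is an added example, not vendor code; it does not replace the plugin's own validation. The base64 and URL character sets, the length counted in characters, and the helper names checkValue and setChecked are assumptions.

```javascript
// Added example, not vendor code. Value types 0-7 as listed on this page.
const VALUE_TYPE = { IGNORED: 0, BOOL: 1, NUMBER: 2, HEX: 3,
                     BASE64: 4, OID: 5, STRING: 6, URL: 7 };

// One predicate per value type, indexed by the type number.
const CHECKS = [
  () => true,                                        // 0 ignored
  (v) => ['true', 'false', '1', '0'].includes(v),    // 1 bool
  (v) => /^[0-9]*$/.test(v),                         // 2 number
  (v) => /^[0-9a-fA-F]*$/.test(v),                   // 3 hexadecimal
  // Assumption: standard base64 alphabet plus '=' padding.
  (v) => /^[A-Za-z0-9+\/=]*$/.test(v),               // 4 base64
  (v) => /^[0-9.]*$/.test(v),                        // 5 oid
  (v) => !/[\x00-\x1f]/.test(v),                     // 6 string
  // Assumption: RFC 3986 reserved and unreserved characters plus '%'.
  (v) => /^[A-Za-z0-9\-._~:\/?#\[\]@!$&'()*+,;=%]*$/.test(v), // 7 url
];

// Returns null when the value passes, otherwise a short reason string.
function checkValue(value, type, minLen = 0, maxLen = 0) {
  if (typeof value !== 'string') return 'not a string';
  const check = Number.isInteger(type) ? CHECKS[type] : undefined;
  if (!check) return 'unknown value type';
  // Documented rule: no length check when min and max are both zero.
  // Assumption: otherwise both bounds apply as given, counted in characters.
  if (minLen !== 0 || maxLen !== 0) {
    if (value.length < minLen) return 'too short';
    if (value.length > maxLen) return 'too long';
  }
  return check(value) ? null : 'value not valid for type ' + type;
}

// Hypothetical wrapper: validate first, then pass the value to the plugin
// object (iid) through the SetProperty call shown in this documentation.
function setChecked(iid, name, value, type, minLen, maxLen) {
  const reason = checkValue(value, type, minLen, maxLen);
  if (reason !== null) throw new Error(name + ': ' + reason);
  return iid.SetProperty(name, value);
}
```

The type and length limits to pass for each property are the ones configured for the plugin; the values used when calling these helpers are the caller's responsibility.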

Default values

The default values may be updated without further notice. The current default values are listed in Plugin Access Parameters.

Activating

There is no difference between using the ActiveX component and the Netscape plugin except for how they are activated. The ActiveX component is activated with class id or name, and the Netscape plugin with type:

class id: 5BF56AD2-E297-416E-BC49-00B327C4426E
name: IID.iIDCtl
type: application/x-iid

Activating ActiveX component

<object name='iid' classid='CLSID:5BF56AD2-E297-416E-BC49-00B327C4426E' width=0 height=0> </object>

Activating Netscape plugin

<object name='iid' type='application/x-iid' width=0 height=0> </object>

There are two options available for activating the plugin: either direct activation when the web page is loaded, or activation through the scripting interface. Direct activation requires the plugin to post the result and gives less control over error handling, so the recommendation is to always use the scripting interface. The only operation available for direct activation is the Sign operation; all other operations require scripting.

Load the ‘Sign’ functionality with scripting

var rc = 1;          // non-zero until Invoke reports success
var iid = null;
var signature = "";
// Look up the plugin object activated with name 'iid'
iid = document.getElementById('iid');
if (iid != null) {
  iid.SetProperty('DataToBeSigned', 'SomeData');
  rc = iid.Invoke('Sign');
  // A return code of 0 means the operation succeeded
  if (rc == 0)
    signature = iid.GetProperty('Signature');
}

This will require that the plugin object is activated with name ‘iid’ (see above).

Load the ‘Sign’ functionality directly at activation.

<object name='iid' type='application/x-iid' width=0 height=0>
  <param name='PostURL' value='???'>
  <param name='DataToBeSigned' value='SomeData'>
  <param name='DirectActivation' value='Sign'>
</object>

Static properties

The following properties are always available from the plugin.

  • CryptoEngine

  • Version

CryptoEngine

This parameter will return the current cryptographic engine that generates random values and RSA keys.

The returned string has the following values:

Returned string value elements and their descriptions:

  • Name: The description of the cryptographic engine.

  • Version: The version of the cryptographic engine.

Example 1. Microsoft Windows using CryptoAPI.
Microsoft Strong Cryptographic Provider;00000200;
Example 2. Linux using OpenSSL.
OpenSSL 0.9.8g 19 Oct 2007;0090807F;
There is no generic syntax for the description or version number; the syntax is decided by each engine.

Version

This parameter will return the current version number of the product. The version is always eight digits with two numbers for each part, for example 1.2.3.45 will be returned as 01020345.

Example 3. Version number
"06000041"

During a software upgrade, components may not be reloaded until the web browser is restarted; as a result, this value will not be updated. Instead, check the global configuration file for the new version number.

iid.GetProperty('ConfigGlobal:Install:Version');

Examples

See https://service.secmaker.com/examples/plugin/ for examples using the plugin.