Re: What we were using public key authentication for

 > 2) genearte the keys using math, possibly web cryto with “exportable” 
keys, and download a .pem file to the user’s desktop.  Get the user to 
click on the .pem and go through the process of installing the cert on 
their site. Hope fingers crossed the browsers don’t just block the use 
of client certs at all!

As a quick, temporary replacement for keygen, you should be able to use
forge (or forge + WebCrypto) to generate a keypair and wrap it in a
PKCS#12 container that can be downloaded via a link that, when clicked,
may bring up an import dialog in the user's browser. They may have to
save the file first before importing, I'm not sure.


There's some somewhat messy X.509 cert creation and PKCS#12 code that
could be adapted from this issue:

Dave Longley
Digital Bazaar, Inc.

Received on Wednesday, 30 March 2016 16:01:14 UTC