Re: What we were using public key authentication for

From: Dave Longley <dlongley@digitalbazaar.com>
Date: Wed, 30 Mar 2016 12:00:49 -0400
To: www-tag@w3.org
Cc: timbl@w3.org, Henry Story <henry.story@bblfish.net>, Melvin Carvalho <melvincarvalho@gmail.com>
Message-ID: <56FBF831.8060301@digitalbazaar.com>
> 2) generate the keys using math, possibly web crypto with “exportable”
> keys, and download a .pem file to the user’s desktop.  Get the user to
> click on the .pem and go through the process of installing the cert on
> their site. Hope fingers crossed the browsers don’t just block the use
> of client certs at all!

As a quick, temporary replacement for keygen, you should be able to use
forge (or forge + WebCrypto) to generate a keypair and wrap it in a
PKCS#12 container that can be downloaded via a link that, when clicked,
may bring up an import dialog in the user's browser. They may have to
save the file first before importing, I'm not sure.

forge: https://github.com/digitalbazaar/forge

There's some somewhat messy X.509 cert creation and PKCS#12 code that
could be adapted from this issue:


Dave Longley
Digital Bazaar, Inc.
Received on Wednesday, 30 March 2016 16:01:14 UTC
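
The WebCrypto half of the approach discussed in this message, as an added example that is not part of the original email or of forge: it generates an RSA key pair, exports it as PEM, and shows that export only works when the key was created as exportable. The function names, the RSASSA-PKCS1-v1_5 algorithm and the 2048-bit key size are assumptions; wrapping the key and a certificate in a PKCS#12 container with forge is not shown.

```javascript
// Added example: function names, algorithm and key size are assumptions.

// Resolve WebCrypto in a browser or in Node.js.
async function getWebCrypto() {
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto;
  return (await import('node:crypto')).webcrypto;
}

// Generate an RSA signing key pair. `extractable` decides whether the
// private key may ever leave the WebCrypto key store.
async function generateSigningKeyPair(extractable) {
  const wc = await getWebCrypto();
  return wc.subtle.generateKey(
    {
      name: 'RSASSA-PKCS1-v1_5',
      modulusLength: 2048,
      publicExponent: new Uint8Array([0x01, 0x00, 0x01]), // 65537
      hash: 'SHA-256',
    },
    extractable,
    ['sign', 'verify']
  );
}

// Wrap DER bytes in a PEM envelope with 64-character base64 lines.
function derToPem(der, label) {
  let bin = '';
  for (const b of new Uint8Array(der)) bin += String.fromCharCode(b);
  const b64 = btoa(bin).match(/.{1,64}/g).join('\n');
  return `-----BEGIN ${label}-----\n${b64}\n-----END ${label}-----\n`;
}

// Export both halves as PEM. Rejects if the private key is not extractable.
// The private key PEM is unencrypted PKCS#8: treat it as a secret.
async function exportKeyPairPem(keyPair) {
  const wc = await getWebCrypto();
  const pkcs8 = await wc.subtle.exportKey('pkcs8', keyPair.privateKey);
  const spki = await wc.subtle.exportKey('spki', keyPair.publicKey);
  return {
    privateKeyPem: derToPem(pkcs8, 'PRIVATE KEY'),
    publicKeyPem: derToPem(spki, 'PUBLIC KEY'),
  };
}
```

A key generated with `extractable` set to `false` can still sign inside the page, but `exportKeyPairPem` rejects for it, so the download-a-.pem flow depends on that flag.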