- From: Dave Longley <dlongley@digitalbazaar.com>
- Date: Wed, 30 Mar 2016 12:00:49 -0400
- To: www-tag@w3.org
- Cc: timbl@w3.org, Henry Story <henry.story@bblfish.net>, Melvin Carvalho <melvincarvalho@gmail.com>
> 2) genearte the keys using math, possibly web cryto with “exportable” keys, and download a .pem file to the user’s desktop. Get the user to click on the .pem and go through the process of installing the cert on their site. Hope fingers crossed the browsers don’t just block the use of client certs at all! As a quick, temporary replacement for keygen, you should be able to use forge (or forge + WebCrypto) to generate a keypair and wrap it in a PKCS#12 container that can be downloaded via a link that, when clicked, may bring up an import dialog in the user's browser. They may have to save the file first before importing, I'm not sure. forge: https://github.com/digitalbazaar/forge There's some somewhat messy X.509 cert creation and PKCS#12 code that could be adapted from this issue: https://github.com/digitalbazaar/forge/issues/211#issuecomment-85447100 -- Dave Longley CTO Digital Bazaar, Inc. http://digitalbazaar.com
Received on Wednesday, 30 March 2016 16:01:14 UTC