[foaf-protocols] FOAF+SSL: Simple Recipe to Create X.509 Client Certificates in PHP
Story Henry
henry.story at bblfish.net
Fri Jan 2 19:10:30 CET 2009
On 2 Jan 2009, at 16:35, Bruno Harbulot wrote:
> Hello,
>
> Story Henry wrote:
>> On 2 Jan 2009, at 11:21, Bruno Bonfils wrote:
>>> On 2 Jan 09 at 11:11, Story Henry wrote:
>>>
>>>> Great work Melvin. You are really raising the bar here on quality
>>>> and
>>>
>>> Note if you really don't want to generate the key server side, there
>>> are some interfaces (browser dependent, however) to create the key in
>>> the browser, and send the PKCS#10 (certificate request) to the server,
>>> which returns the certificate. Using this way, you don't need to use a
>>> PKCS#12 file.
>> Do you have some references for this?
>> Can one add a URI to the v3 extension fields using these methods?
>> In a way that is not too demanding on the user?
>
> I presume Bruno is talking about the browser's crypto API I
> mentioned in an e-mail some time ago (paragraph B):
> http://lists.foaf-project.org/pipermail/foaf-protocols/2008-November/000044.html
> https://developer.mozilla.org/en/JavaScript_crypto
>
> I don't think it's possible to specify extensions as part of the
> process, but it's possible to have a reference identifier (so the
> extensions could be prepared somewhere on the server).
OK, I think I get it.
So one can use something like the <keygen> tag defined here
http://webdesign.about.com/od/htmltags/p/bltags_keygen.htm
or in more detail here
http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20080714/07ea5534/attachment.txt
You can see it working by saving the following in a file and running
it in a browser:
<html>
<body>
<!-- the echo.cgi action just prints back what the browser posted, so you can see the spkac field -->
<form action="http://www.cs.tut.fi/cgi-bin/run/~jkorpela/echo.cgi" method=post>
<table>
<tr><td align=right>Full name</td><td><input name="name" size=40></td></tr>
<tr><td align=right>Email</td><td><input name="email" size=40></td></tr>
<tr><td align=right>Organisation</td><td><input name="org" size=40>
(e.g. Asemantics, AnyWi, etc)</td></tr>
<!-- keygen generates the key pair in the browser and posts the signed public key + challenge -->
<tr><td align=right>Keysize</td><td><KEYGEN name=spkac challenge=notSoBeIt> (set to 2048)</td></tr>
<tr><td align=right colspan=2><input type=submit value=request></td></tr>
</table>
</form>
</body>
</html>
This then creates a private key client side, whose public key is then
sent to the server, which would create a cert for the generated FOAF
file with the FOAF URL of the user.
And which can then be added to the browser...
Mhh, but I don't quite understand what happens to the private key made
by keygen.
Henry
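Added example, not from the original post or from Melvin's recipe: the server side of the <keygen> flow in PHP, using the openssl_spki_* functions (PHP >= 7 with the openssl extension; session handling is assumed to exist elsewhere). The browser posts only the SPKAC, a structure holding the public key and the challenge, signed with the private key that stays in the browser's key store; the server verifies that signature, checks the challenge against the one it issued, and extracts the public key for the certificate step.

```php
<?php
// Issue a fresh random challenge per form rendering and remember it in the
// session. The browser signs it into the SPKAC, so a replayed or cross-site
// SPKAC carries the wrong challenge. A fixed value like the page's 'notSoBeIt'
// gives no such protection. (Assumes session_start() was called elsewhere.)
function issue_challenge(): string {
    $challenge = bin2hex(random_bytes(16));
    $_SESSION['spkac_challenge'] = $challenge;
    return $challenge;
}

// Validate a posted SPKAC: the signature proves possession of the private key
// (which never left the browser), the challenge binds it to this session.
// Returns the public key as PEM for the CA step, or throws.
function accept_spkac(string $posted, string $expected_challenge): string {
    // openssl_spki_* want the bare base64; a "SPKAC=" prefix (as written by
    // openssl_spki_new) must be stripped first.
    $spkac = preg_replace('/^SPKAC=/', '', trim($posted));
    if (openssl_spki_verify($spkac) !== true) {
        throw new RuntimeException('SPKAC signature does not verify');
    }
    $challenge = openssl_spki_export_challenge($spkac);
    if ($challenge === false || !hash_equals($expected_challenge, $challenge)) {
        throw new RuntimeException('SPKAC challenge mismatch (replay or wrong session)');
    }
    $pubkey = openssl_spki_export($spkac);  // SubjectPublicKeyInfo, PEM encoded
    if ($pubkey === false) {
        throw new RuntimeException('could not extract public key from SPKAC');
    }
    return $pubkey;
}

// Offline stand-in for the browser (constructed input): generate a key pair and
// sign the challenge with it, which is what <keygen> does before the form posts.
$challenge = bin2hex(random_bytes(16));
$browserKey = openssl_pkey_new(['private_key_bits' => 2048,
                                'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$posted = openssl_spki_new($browserKey, $challenge, OPENSSL_ALGO_SHA256);

// Server side: only the public key comes out; it goes to the CA together with
// the user's FOAF URI as subjectAltName when the certificate is issued.
$pem = accept_spkac($posted, $challenge);
echo $pem;

// A SPKAC replayed against a different session challenge is rejected.
try {
    accept_spkac($posted, 'some-other-challenge');
} catch (RuntimeException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```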