[foaf-protocols] FOAF+SSL: Simple Recipe to Create X.509 Client Certificates in PHP
henry.story at bblfish.net
Fri Jan 2 19:10:30 CET 2009
On 2 Jan 2009, at 16:35, Bruno Harbulot wrote:
> Story Henry wrote:
>> On 2 Jan 2009, at 11:21, Bruno Bonfils wrote:
>>> On 2 Jan 09, at 11:11, Story Henry wrote:
>>>> Great work Melvin. You are really raising the bar here on quality
>>> Note if you really don't want to generate the key server side, there
>>> are some interfaces (browser dependent, however) to
>>> create the key by the browser, and send the PKCS#10 (certificate
>>> request) to the server, which returns the certificate. Using this
>>> you don't need to use a PKCS#12 file.
>> Do you have some references for this?
>> Can one add a URI to the v3 extension fields using these methods?
>> In a way that is not too demanding on the user?
> I presume Bruno is talking about the browser's crypto API I
> mentioned in an e-mail some time ago (paragraph B):
> I don't think it's possible to specify extensions as part of the
> process, but it's possible to have a reference identifier (so the
> extensions could be prepared somewhere on the server).
Ok, I think I get it.
So one can use something like the <keygen> tag defined here
or more detailed
You can see it working by saving the following in a file and running
it in a browser:
<form method="post"> <!-- no action is given on the page; this posts back to the same URL -->
<table>
<tr><td align=right>Full name</td><td><input name="name" size=40></td></tr>
<tr><td align=right>Email</td><td><input name="email" size=40></td></tr>
<tr><td align=right>Organisation</td><td><input name="org" size=40>
(e.g. Asemantics, AnyWi, etc)</td></tr>
<tr><td align=right>Keysize</td><td><KEYGEN name=spkac
challenge=notSoBeIt> (set to 2048)</td></tr>
<tr><td align=right colspan=2><input type=submit value=request></td></tr>
</table>
</form>
This then creates a private key client side, whose public key is then
sent to the server which would create a cert for the generated foaf
file with foaf url of the user.
And which can then be added to the browser...
Mhh, but I don't quite understand what happens to the private key made
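
The flow described in this message, as an added example that is not part of the original thread: the `openssl` command line stands in for both the browser's `<KEYGEN>` step and the issuing server, which checks the SPKAC signature and challenge and then sets the URI subjectAltName itself. The WebID URI, subject names, throwaway CA and per-request challenge values are constructed assumptions.

```shell
#!/bin/sh
# Added example: WebID URI, names and challenges are constructed values.
# usage: issue_from_spkac WEBID EXPECTED_CHALLENGE SENT_CHALLENGE
# Prints the URI placed in subjectAltName; non-zero status means "rejected".
issue_from_spkac() (
  export WEBID="$1"; expected="$2"; sent="$3"
  d=$(mktemp -d) && cd "$d" || exit 1
  trap 'rm -rf "$d"' EXIT
  # Stand-in for <KEYGEN>: the key pair is made on the client and only the
  # SPKAC (public key + challenge, signed with the private key) is submitted.
  openssl genrsa -out client.key 2048 2>/dev/null || exit 1
  openssl spkac -key client.key -challenge "$sent" -out req.spkac || exit 1
  # Server check 1: signature over the SPKAC proves possession of the key.
  openssl spkac -in req.spkac -verify -noout >/dev/null 2>&1 || exit 1
  # Server check 2: the challenge must be the one this server handed out.
  got=$(openssl spkac -in req.spkac 2>/dev/null | sed -n 's/^ *Challenge String: //p')
  [ "$got" = "$expected" ] || exit 1
  # Throwaway CA. The extension section is chosen by the server, not the client.
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
default_ca = demo
[demo]
database = index.txt
serial = serial
new_certs_dir = .
default_md = sha256
default_days = 30
policy = pol
x509_extensions = ext
[pol]
commonName = supplied
[ext]
subjectAltName = URI:${ENV::WEBID}
EOF
  : > index.txt; echo 01 > serial
  openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Constructed Demo CA" -keyout ca.key -out ca.crt 2>/dev/null || exit 1
  echo "CN=Constructed User" >> req.spkac   # subject fields ride along with SPKAC=
  openssl ca -config ca.cnf -batch -notext -cert ca.crt -keyfile ca.key \
    -spkac req.spkac -out client.der 2>/dev/null || exit 1   # -spkac output is DER
  openssl x509 -inform DER -in client.der -noout -text | grep -o 'URI:[^,]*'
)
issue_from_spkac 'https://example.org/foaf.rdf#me' nonce-A nonce-A
```

Only `req.spkac` crosses from the client half to the server half; none of the server-side commands read `client.key`.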