[foaf-protocols] WebID JS/Flash import and export functionality

Dave Longley dlongley at digitalbazaar.com
Wed Aug 25 22:21:36 CEST 2010

The JS/Flash demo now allows private keys and certificates to be 
imported and exported. The process is a little tedious, but has been 
tested successfully with Firefox and Safari.

Creating a demo JS/Flash WebID or Importing an existing WebID to a 
JS/Flash WebID provider:

Go here, to a JS/Flash WebID provider:


To create a JS/Flash WebID fill out the appropriate information and 
click 'Create'. More fields are available under 'Advanced'.

If you have an existing WebID (e.g. one you may have created on foaf.me 
to test WebID) that you want to import you must first get the private 
key and certificate for that WebID. If you are using Firefox you can go 
to Preferences->Advanced->View Certificates and click the 'Backup' 
button. This will create a PKCS#12 file (.p12). You can use openssl to 
extract the private key and certificate from this file like so:

For a PKCS#12 file 'example.p12', run:

openssl pkcs12 -info -in example.p12 -nodes

The output should include the PEM data for your RSA Private Key and your 
Certificate. You can cut and paste each of these directly into the 
import form at https://webid.digitalbazaar.com/manage/. I assume that 
most people that are interested in this are familiar with PEM and 
openssl key conversion processes.

Next click the 'Import' button and wait a little while for the process 
to complete. Once it completes, your WebID should now be shown in the 
list of available WebIDs at the top of the page. The import process, 
just like the regular creation process, will store your Private Key and 
Certificate in Flash local storage under the 
https://webid.digitalbazaar.com domain. Only this domain will be able to 
access this information. The use of an iframe allows any compliant 
website to request that https://webid.digitalbazaar.com use TLS and a 
WebID to authenticate a user without allowing any other website access 
to the private key.

You can test that the WebID works with the JS/Flash demo website here:


If you already have a WebID installed in your browser you will be asked 
to select one using the browser UI even though it isn't the purpose of 
the demo. This is unavoidable with current browser implementations. 
However, it does provide the demo website with the opportunity to show 
that it also supports browser-based WebIDs. The WebID will be 
authenticated, and on success its related RDF data will be shown if 
you click a link at the end of the 'A Note Concerning Browser-Generated 
WebIDs' section. This shows that you have been identified by your 
browser WebID. However, this only demonstrates that your browser WebID 
works, it is not a demonstration of the JS/Flash WebID.

To see the JS/Flash WebID demonstration, click the 'Digital Bazaar 
WebID' provider button. It will bring up that particular WebID 
provider's (https://webid.digitalbazaar.com) custom interface which 
should allow you to pick from your available WebIDs. If you created any 
previous WebIDs using https://webid.digitalbazaar.com/manage then they 
will be shown here along with any that you previously imported. Select a 
WebID by clicking its associated 'Select' button. This should do the 
authentication and take you to the home page of the fake 'socialswarm' 
website and present you with a message and the RDF data from the 
associated WebID URL.

Exporting from JS/Flash to a Browser:

You can also export private keys and certificates generated by the 
JS/Flash WebID provider. To do this, there exists a Private Key and 
Certificate link with every WebID that is displayed at:


The links will cause the associated PEM-formatted data to be displayed. 
This information can be copied into two different files: e.g. 'key.pem' 
and 'cert.pem'. To import these files into a browser like Firefox or 
Safari, you must wrap them in a PKCS#12 data structure which will store 
them in a file like: 'example.p12'.

To wrap your private key and certificate using openssl you run:

openssl pkcs12 -export -in cert.pem -inkey key.pem -out example.p12 \
    -name "<certificate-name>"

Where <certificate-name> is the name to display to the user in the 
browser's UI when selecting a WebID. Once the p12 file is created it can 
be imported into a browser or an OS key chain using the appropriate 
method. For Firefox, you can import the p12 file by going to 
Preferences->Advanced->View Certificates and click 'Import'. Then select 

When you create a p12 file you will be asked to create a password of 
your choosing. You must enter this password when importing the p12 file 
to unlock it.

This process hasn't been made 'super-easy' yet, but it demonstrates that 
it is possible to move certificates between a WebID provider that uses 
JS/Flash and one that doesn't.

Dave Longley
Digital Bazaar, Inc.
Phone: 540-961-4469
