[foaf-protocols] WebID JS/Flash import and export functionality
dlongley at digitalbazaar.com
Wed Aug 25 22:21:36 CEST 2010
The JS/Flash demo now allows private keys and certificates to be
imported and exported. The process is a little tedious, but has been
tested successfully with Firefox and Safari.

Creating a demo JS/Flash WebID or Importing an existing WebID to a JS/Flash WebID provider:

Go here, to a JS/Flash WebID provider:
To create a JS/Flash WebID fill out the appropriate information and
click 'Create'. More fields are available under 'Advanced'.
If you have an existing WebID (e.g. one you may have created on foaf.me
to test WebID) that you want to import you must first get the private
key and certificate for that WebID. If you are using Firefox you can go
to Preferences->Advanced->View Certificates and click the 'Backup'
button. This will create a PKCS#12 file (.p12). You can use openssl to
extract the private key and certificate from this file like so:
For a PKCS#12 file 'example.p12', run:

    openssl pkcs12 -info -in example.p12 -nodes

The output should include the PEM data for your RSA Private Key and your
Certificate. You can cut and paste each of these directly into the
import form at https://webid.digitalbazaar.com/manage/. I assume that
most people that are interested in this are familiar with PEM and
openssl key conversion processes.
Next click the 'Import' button and wait a little while for the process
to complete. Once it completes, your WebID should now be shown in the
list of available WebIDs at the top of the page. The import process,
just like the regular creation process, will store your Private Key and
Certificate in Flash local storage under the
https://webid.digitalbazaar.com domain. Only this domain will be able to
access this information. The use of an iframe allows any compliant
website to request that https://webid.digitalbazaar.com use TLS and a
WebID to authenticate a user without allowing any other website access
to the private key.
You can test that the WebID works with the JS/Flash demo website here:
If you already have a WebID installed in your browser you will be asked
to select one using the browser UI even though it isn't the purpose of
the demo. This is unavoidable with current browser implementations.
However, it does provide the demo website with the opportunity to show
that it also supports browser-based WebIDs. The WebID will be
authenticated, and on success, its related RDF data will be shown if
you click a link at the end of the 'A Note Concerning Browser-Generated
WebIDs' section. This shows that you have been identified by your
browser WebID. However, this only demonstrates that your browser WebID
works; it is not a demonstration of the JS/Flash WebID.
To see the JS/Flash WebID demonstration, click the 'Digital Bazaar
WebID' provider button. It will bring up that particular WebID
provider's (https://webid.digitalbazaar.com) custom interface which
should allow you to pick from your available WebIDs. If you created any
previous WebIDs using https://webid.digitalbazaar.com/manage then they
will be shown here along with any that you previously imported. Select a
WebID by clicking its associated 'Select' button. This should do the
authentication and take you to the home page of the fake 'socialswarm'
website and present you with a message and the RDF data from the
associated WebID URL.

Exporting from JS/Flash to a Browser:

You can also export private keys and certificates generated by the
JS/Flash WebID provider. To do this, there exists a Private Key and
Certificate link with every WebID that is displayed at:
The links will cause the associated PEM-formatted data to be displayed.
This information can be copied into two different files: e.g. 'key.pem'
and 'cert.pem'. To import these files into a browser like Firefox or
Safari, you must wrap them in a PKCS#12 data structure which will store
them in a file like: 'example.p12'.
To wrap your private key and certificate using openssl you run:

    openssl pkcs12 -export -in cert.pem -inkey key.pem -out example.p12 -name "<certificate-name>"

Where <certificate-name> is the name to display to the user in the
browser's UI when selecting a WebID. Once the p12 file is created it can
be imported into a browser or an OS key chain using the appropriate
method. For Firefox, you can import the p12 file by going to
Preferences->Advanced->View Certificates and click 'Import'. Then select
When you create a p12 file you will be asked to create a password of
your choosing. You must enter this password when importing the p12 file
to unlock it.
This process hasn't been made 'super-easy' yet, but it demonstrates that
it is possible to move certificates between a WebID provider that uses
JS/Flash and one that doesn't.
Digital Bazaar, Inc.
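
Added example, not part of the original post or of Digital Bazaar's code: a POSIX shell script that runs the export and import steps described above and checks that an extracted private key and certificate actually belong together before either is pasted into a form or imported. It assumes the openssl CLI is installed; the file names, friendly name and pass phrase are constructed, and the function names are hypothetical.

```shell
# Hex SHA-256 of the public key held in a private-key PEM file ($1).
key_pub_digest() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl sha256 | awk '{print $NF}'
}

# Hex SHA-256 of the public key held in a certificate PEM file ($1).
cert_pub_digest() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl sha256 | awk '{print $NF}'
}

# True only when key ($1) and certificate ($2) carry the same public key.
# Unreadable input fails instead of comparing two empty digests.
key_matches_cert() {
    k=$(key_pub_digest "$1") || return 1
    c=$(cert_pub_digest "$2") || return 1
    [ "$k" = "$c" ]
}

# Export step: wrap key ($1) and cert ($2) into $3 with friendly name $4.
# The pass phrase is read from $P12_PASS so it does not appear in argv.
wrap_p12() {
    openssl pkcs12 -export -in "$2" -inkey "$1" -out "$3" -name "$4" \
        -passout env:P12_PASS
}

# Import step: split $1 into key ($2) and cert ($3). -nodes writes the key
# unencrypted, so the output files are created owner-only.
unwrap_p12() (
    umask 077
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nodes -nocerts 2>/dev/null |
        openssl pkey -out "$2" &&
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null |
        openssl x509 -out "$3"
)

# Round trip with a throwaway self-signed certificate (constructed input).
roundtrip_demo() {
    d=$(mktemp -d) || return 1
    ( export P12_PASS='constructed-demo-pass'
      openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/key.pem" \
          -out "$d/cert.pem" -subj '/CN=constructed-demo' -days 1 2>/dev/null &&
      openssl genrsa -out "$d/other.pem" 2048 2>/dev/null &&
      wrap_p12 "$d/key.pem" "$d/cert.pem" "$d/example.p12" 'demo WebID' &&
      unwrap_p12 "$d/example.p12" "$d/key2.pem" "$d/cert2.pem" &&
      key_matches_cert "$d/key2.pem" "$d/cert2.pem" &&
      ! key_matches_cert "$d/other.pem" "$d/cert2.pem" )
    rc=$?; rm -rf "$d"; return $rc
}
roundtrip_demo && echo "round trip verified: key and certificate match"
```

Delete the unencrypted key.pem once the import has completed, since anyone who can read it can authenticate as that WebID.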