Bob Relyea <[EMAIL PROTECTED]> writes:

> Or find a CRMF toolkit.

Limits my options rather. A quick search reveals only the java one. At the moment my code is in python and I can't find any CMMF for python. I am considering rewriting in java (yawn).

> Once you have the key in the client, then x-x509-user-cert will work.
> You can pass it the binary cert (which all the toolkits should be able
> to give you) or a Base-64 encoded cert (the body of the pem file).

I can pass the certificate directly back to the browser in an HTTP response typed x-x509-user-cert.

But I don't seem to be able to use importUserCertificate to import the base64 encoded version of the certificate as you imply:

    <html>
    <head>
    <script>
    //<!--
    var nickname = "openidcert";
    var cert = "MIIC4DCCAkkCAWQwDQYJKoZIhvc....";
    var forceBackup = false;
    function load_certificate() {
      try {
        var log = window.crypto.importUserCertificates(nickname, cert, forceBackup);
        alert(log);
      }
      catch (e) {
        alert("problem importing certificate");
      }
    }
    document.addEventListener("load", load_certificate, false);
    //-->
    </script>
    </head>
    <body>
    <h1>Certificate installed?</h1>
    </body>
    </html>

The cert data here is just base64'd certificate data. Not CMMF.

I'm not sure that you meant whether I could do that or not but it doesn't work and it doesn't return an error.

>> If there was a handler in FF for pkcs12 is that what it should do:
>> auto-import the certificate?
>>
> yes, The user will still be prompted for the password of the PKCS 12
> file, and if he has more than one writable token, he will be prompted
> for where the cert and key should go.

Is there a problem with the fact that the server side will have a copy of the private key? Can you see objections being raised due to that?

-- 
Nic Ferrier
http://www.tapsellferrier.co.uk for all your tapsell ferrier needs
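Added example, not part of the original message or of any Mozilla code: the server side of the x-x509-user-cert path discussed above, in Python. It accepts a PEM file, a bare Base-64 body or raw DER, checks that the result is exactly one complete DER SEQUENCE, and serves it; the full MIME type `application/x-x509-user-cert`, the function names and the placeholder bytes are assumptions of this example.

```python
import base64
import binascii
import re

USER_CERT_TYPE = "application/x-x509-user-cert"
_PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
# Constructed placeholder: a well-formed outer SEQUENCE, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)

def _outer_sequence_ok(der: bytes) -> bool:
    """True if der is one ASN.1 SEQUENCE whose length covers the whole buffer."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short-form length
        header, length = 2, first
    else:                                 # long-form length, n length octets
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def to_der(cert) -> bytes:
    """Normalise PEM text, a bare Base-64 body or raw DER to DER bytes."""
    # Base-64 of DER always starts with 'M', so a leading 0x30 byte means raw DER.
    if isinstance(cert, bytes) and cert[:1] == b"\x30":
        der = cert
    else:
        text = cert.decode("ascii") if isinstance(cert, bytes) else cert
        match = _PEM.search(text)
        body = "".join((match.group(1) if match else text).split())
        try:
            der = base64.b64decode(body, validate=True)
        except (binascii.Error, ValueError) as exc:
            raise ValueError("certificate is not valid Base-64") from exc
    if not _outer_sequence_ok(der):
        raise ValueError("certificate is truncated or not a DER SEQUENCE")
    return der

def user_cert_app(cert):
    """WSGI app that returns the certificate typed as a user certificate."""
    der = to_der(cert)                    # reject bad input at startup
    def app(environ, start_response):
        start_response("200 OK", [("Content-Type", USER_CERT_TYPE),
                                  ("Content-Length", str(len(der)))])
        return [der]
    return app
```

The length check catches a truncated or padded certificate on the server, before the browser is handed something it may reject without an error.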