如何从客户端从Chrome / Mozilla的windows os证书库中导入个人证书 [英] How to import personal certificate in windows os certificate store from Chrome/Mozilla by client side

问题描述

我已经生成了密钥对，并使用JavaScript库创建了自签名证书 WebCrypto API 和使用CSR请求的第三方Web服务。现在我想存储证书与私钥在客户端电脑的Windows个人证书存储。我发现这是由 JavaScript 这是不可能的。使用 java 很容易。但是，现在正在阻止 jApplet ，所以还有其他方式可以从客户端获得。通过创建chrome / mozilla扩展，是否有可能？

请注意，我明白如果我导出证书作为文件与私钥一起，我可以导入它在Windows证书存储中手动作为个人证书。但是我想自动化这个过程 - 用户只需从浏览器和服务器通信填写表单，证书就会被创建，并且会和私钥一起存储在客户端的windows存储中。

解决方案

我不认为你有太多的选择

• 由于安全限制，您无法从JavaScript访问浏览器使用的密钥存储区。您无法创建Chrome扩展程序来访问浏览器使用的密钥存储区因为Chrome API不会发布它（我不确定使用Firefox）
  

• 不能使用applet，因为Chrome和Edge不支持Java。 Firefox将在2017年3月取消对NPAPI插件的支持（java使用npapi），接下来的Java版本不包含浏览器插件。

使用私钥和证书生成一个.p12文件

客户端），下载并打开它。操作系统将启动导入证书工具

使用WebCryptographyApi ，如果您只需要证书在浏览器上执行加密操作（数字签名，加密，...）。您可以稍后生成.p12

I have generated key pair and created self signed certificate using JavaScript library WebCrypto API and 3rd party web service using a CSR request. Now i want to store the certificate with the private key in windows personal certificate store of the client pc. I have found here that by JavaScript it is not possible. Using java it is easily possible. But as jApplet is being discouraged now, so is there any other way from client side. By creating chrome/mozilla extensions, will it be possible either ?

Note that, i understand if i export the certificate as file along with the private key, i can import it manually in windows certificate store as personal certificate. But i want to automate the process like - the user just fill-up the form from browser and by server communication, the certificate will be created and will be store in windows store of client along with the private key.

解决方案

I do not think you have too many options

• You can not access from javascript to keystore used by browser due to security restrictions

• You can not create a chrome extension to access to keystore used by browser because chrome API does not publish it (I am not sure with firefox)

• You can not use an applet because Java is not supported by Chrome and Edge. Firefox will drop support to NPAPI plugins in March 2017 (java uses npapi), and next Java versions do not include the browser plugin

Alternatives:

• Generate a .p12 file with the private key and certificate (in client side), download and open it. The operative system will launch the import certificate tool

• Use WebCryptographyApi, if you only need the certificate to perform cryptographic operations on the browser (digital signature, encryption,...). You could generate the .p12 later

这篇关于如何从客户端从Chrome / Mozilla的windows os证书库中导入个人证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！