使用ssl公钥/私钥进行基于Web的登录? [英] Web based login using ssl public/private key?

问题描述

是否可以通过Web浏览器创建需要公钥/私钥的登录过程?公钥将存储在服务器上，私钥将由用户保留(并加密).

Is it possible to create a login process that requires a public/private key through a web browser? The public key would be stored on the server and the private key would be kept (and encrypted) by the user.

我基本上想做一些类似于SSH的事情，但是要通过网络.也许是HTTP身份验证的自定义方法(摘要"除外).

I basically want to do something similar to what SSH does, but through the web. Perhaps a custom method of HTTP Authentication (other than "Digest").

我知道使用常规浏览器可能无法做到这一点，因此可以接受扩展来实现此功能(Chrome/Firefox).

I know that it may not be possible to do this with a stock browser, so extensions to make this work are acceptable (Chrome/Firefox).

理想情况下，密钥将在USB记忆棒上加密.拔掉USB记忆棒后，就无法登录(不想让浏览器对其进行缓存).

The keys would ideally be encrypted on a USB Stick. When the USB stick is unplugged in has to be impossible to login (don't want the browser to cache it).

这将在内部使用.

客户端证书就是我想要的，但是如何将这些证书存储在USB记忆棒上?另外，是否有有关如何使用PHP验证用户身份的信息?

Client certificates would be what I'm looking for, but how do I store these certificates on a USB stick? Also, is there information on how to authenticate a user using PHP?

推荐答案

这是通过证书进行的客户端身份验证.
您的服务器应配置为需要客户端证书，并且还应配置一个信任库.
所有浏览器都支持此功能.
您只需要将具有私钥和证书的客户端密钥库导入计算机的证书集.
对于Windows，它位于Internet选项中

This is Client authentication via certificates.
Your server should be configured to require a client certificate and also be configured with a truststore.
All the browsers support this.
You just have to import the client keystore having the private key and certificate to the machines set of certificates.
For windows it is in internet options

这篇关于使用ssl公钥/私钥进行基于Web的登录?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！