生成在浏览器上的RSA密钥对客户端 [英] Generate rsa keypair client-side on the browser

问题描述

我不是这种编程很内行，我知道有几个类似的问题，但任何人都回答正是我需要的。

I'm not very expert in this kind of programming, and I know there is several similar questions, but anyone answered exactly that I need.

我的团队（和我）正在开发一种公钥基础设施。我们都停留在密钥生成（在客户端），但我们发现这么几个文件了。

My team (and I) are developing a Public Key Infrastructure. We are stuck in the key generation (on client side), but we found so few documentation about it.

我们知道有这些选项：

凯基标签 - >生成SPKAC请求 - >在Mozilla内部密钥存储，令牌和智能卡

keygen tag --> generates a SPKAC request --> works in Mozilla to internal keystore, token and smartcard

crypto.generateCRMFRequest（） - >生成CRMF请求 - >在Mozilla内部密钥存储，令牌和智能卡

crypto.generateCRMFRequest() --> generates a CRMF Request --> works in Mozilla to internal keystore, token and smartcard

CryptoAPI的，CAPI，的Xenroll CEnroll - >生成CSR PKCS＃10（我是这么认为的） - >作品在Internet Explorer（我们还没有找到code的例子）

CryptoAPI, CAPI, XEnroll CEnroll --> generates a CSR PKCS#10 (I think so) --> Works in Internet Explorer (we still haven't found code's examples)

JavaScript或Java小程序（是的，我知道，这两个是不同的）生成所有sunpkcs11，BouncyCastle的或iaik API（不能达到任何目标）

Javascript or java Applet (yes I know, both are different) generates in all with sunpkcs11, bouncycastle or iaik API (can't reach any goal)

我们发现了这个选项。但我们不知道如何得到的结果，如何创建一个CSR PKCS＃10的要求，以及如何处理它。

We found this options. but we don't know how to get the results, how to create to a CSR PKCS#10 request and how to handle it.

请，你能不能给我一个建议关于选择的战略中，找到如何实施和处理结果，转换结果等？我们越来越疯了！

please, could you give me an advice about select the strategy, find how to implement and handle results, convert results and so? we are getting crazy!

例如：我们知道如何使用凯基标签，但我们不知道如何的关键设置为仅RSA 2048，以及如何处理SPKAC请求，在一个良好的企业社会责任上的转换签署SHA256

Example: we know how to use the keygen tag, but we don't know how to set the key to only RSA 2048, and how to handle the SPKAC request to convert in a good CSR signed on SHA256

我们尝试开发一个Java小程序与iaik API，但企业社会责任产生了一个错误。

We tried to develop a Java Applet with iaik API, but the CSR generated had an error.

推荐答案

您是否对所有罪名正确，尽量使用浏览器标签来生成密钥对和/或证书请求。我建议你​​看一看Sourceforge上的Odyssi CS项目。这是写在Java / JSP的一个非常简单的CA实现。在JSP文件看看，你可以看到各种选项是如何被传递到密钥生成标签。

You are correct on all counts, as far as using browser tags to generate the keypair and/or certificate request. I recommend you take a look at the Odyssi CS project on Sourceforge. It's a very simple CA implementation written in Java/JSP. Take a look at the JSP files and you can see how the various options are being passed to the key generation tags.

基本上，你生成密钥对表单提交的一部分。从那里，它们以同样的方式与任何其他请求参数可用。你需要知道如何在后端脱code他们。 IE浏览器生成请求作为PKCS＃10，这是很好的，因为它是一个证据充分的标准。该SPKAC格式不被广泛使用，但仍然有良好的文件和库可用。

Basically, you generate the keypair as part of a form submission. From there, they're available in the same way as any other request parameter. You'll need to know how to decode them on the backend. IE generates the request as a PKCS#10, which is nice since it's a well-documented standard. The SPKAC format isn't as widely used, but there are still good documentation and libraries available.

http://sourceforge.net/projects/odyssipki/

这篇关于生成在浏览器上的RSA密钥对客户端的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！