A simplified sketch of certificate provisioning/enrollment inside the browser using the WebCrypto API and IndexedDB.
/*
[certificateOperation Interface {result, oncomplete, onerror}]
[certificateOperation: createCert,pemToDer,fromDer,fromPem]
*/
// NOTE(review): createCert/pemToDer/fromDer/fromPem are the proposed
// certificateOperation interface named in the header comment, not part of the
// shipped WebCrypto API; the oncomplete/onerror event style used throughout
// matches the early event-based draft rather than the Promise-based API.
// Option A: fetch a certificate the bank has already created.
var cert=xhr(my_bank.com);
//get a certificate that the bank has already created
// The fetched bytes are untrusted input: verify the certificate's signature and
// chain before relying on it, and fetch it only over an authenticated channel.
//or
// Option B: ask the UA to create a self-signed certificate.
var cert_op=window.crypto.createCert(params);
//self-signed
//then jump to private_key below
//or
// Option C: generate a key pair locally and have the bank certify the public key.
// The second argument (extractable=false) asks the UA to keep the private key
// material out of reach of script; only the "sign" usage is granted.
var keyGen=window.crypto.generateKey(algorithmKeyGen,false,["sign"]);
keyGen.oncomplete = function(event) {
var res=event.target.result;
var pub_key=res.publicKey;
var priv_key=res.privateKey
// Only the public key is sent to the bank; the private key never leaves the UA.
var cert=xhr(my_bank.com,pub_key);
//get a certificate from the bank with your public key
//continue as mentioned below
// NOTE(review): no onerror handler is attached to keyGen (nor to any operation
// below, although the interface defines one), so failures are silently dropped.
};
// Convert the PEM certificate to DER, then decode the DER into a certificate object.
var der=window.crypto.pemToDer(cert);
der.oncomplete=function(evt) {
var Cert=window.crypto.fromDer(evt.target.result);
Cert.oncomplete=function(evt) {
var certificate=evt.target.result;
/* Shape of the decoded certificate object (sketch):
{
certificate: {
Version:,
Serial Number:,
Certificate Signature Algorithm: [Algorithm]
Issuer:,
Validity:,
Subject:,
Subject Public Key Info:,
Subject Public Key Algorithm: [Algorithm],
Subject Public Key: [Key],
Extensions:
},
signature algorithm:
signature:
}
Where Public Key generation is equivalent to :
var public_key_op=window.crypto.importKey(
"raw",createArrayBufferView(certificate Subject Public Key modulus),
Algorithm Public Key [Algorithm],false,['encrypt','decrypt']);
//[keyOperation Interface {result, oncomplete, onerror}]
public_key_op.oncomplete=function(evt) {
Subject Public Key=evt.target.result; //[Key Interface {type, algorithm, extractable, key usage}]
};
NOTE(review): importing only the modulus as "raw" is not enough to rebuild an
RSA public key (the public exponent is needed as well); the shipped API imports
the whole SubjectPublicKeyInfo as "spki". Nothing in this sketch checks the
certificate's signature, validity period or issuer before its key is used.
*/
// Obtain the private key matching the certificate. Note the handler below
// refers to private_key_op while the variable is declared here as privat_key_op.
var privat_key_op=window.crypto.fromPem(Private Key);
//Enter Private Key received from the bank from User Interface
//Or get it from the server by some protected means
//Or get if from createCert above
//Or get it from generateKey above
// NOTE(review): if the bank generates and ships the private key, the bank holds
// a copy, which undermines the user-only control a client certificate is meant
// to provide; the generateKey path (non-extractable key, only the public key
// sent to the bank) avoids this.
private_key_op.oncomplete=function(evt) {
var priv_key=evt.target.result; //[Key]
// Storage option 1: opaque UA-managed store; the page keeps only a reference.
var UA_priv_key_ref=UA_store_priv_key(priv_key);
certificate.ref=UA_priv_key_ref;//UA stores priv_key safely
//Or key discovery interface
// Storage option 2: the key-discovery interface, addressed by name.
// assumes unique_random_name is unpredictable (CSPRNG-generated) — TODO confirm
window.cryptokeys.setKeyByName(unique_random_name,priv_key);
//Store safely [Key]-->[NamedKey] and assign a unique id
// This assignment overwrites the UA_priv_key_ref set above; only one of the
// storage options would be used in a real implementation.
certificate.ref=unique_random_name;
var store_cert={id:n,cert:certificate};
//Or save priv_key in indexedDB
// Storage option 3: keep the Key object itself in IndexedDB. Anything stored
// there is readable by any script running in this origin, so an injected
// script could use (and, if the key is extractable, export) the key; options
// 1/2 or a non-extractable key limit that exposure.
var store_cert={id:n,cert:certificate,priv_key:priv_key};
//Add whatever params you like
// NOTE(review): n is never defined anywhere in this sketch.
var req=indexedDB.open('certificates');
// NOTE(review): no onupgradeneeded handler creates the 'store' object store, so
// on a fresh database the transaction below cannot be opened; no onerror is
// attached to req either.
req.onsuccess=function (evt) {
var db=evt.target.result;
var transaction=db.transaction(['store'],'readwrite');
var objectStore=transaction.objectStore('store');
objectStore.add(store_cert);
// Read the record straight back within the same transaction.
var request=objectStore.get(n);
request.onsuccess=function(evt) {
// NOTE(review): the record was stored under the property "cert", not
// "certificate", so this reads undefined.
var cert=evt.target.result.certificate;
// Retrieval option 1: opaque UA store, by reference.
var priv_key=UA_get_priv_key(certificate.ref);
//get from UA safe store
// Retrieval option 2: key-discovery interface by name (first match).
var priv=window.cryptokeys.getKeysByName(certificate.ref)[0];
//or key discovery interface
// Retrieval option 3: the Key object stored alongside the certificate.
var priv=evt.target.result.priv_key;
//or get from indexedDB
};
};
};
};
};