@Ayms Ayms/gist:d21bbab05361bd58c439 Secret
Last active Dec 15, 2015

Browser Certificate enrollment

Simplified attempt at certificate provisioning/enrollment inside the browser using the WebCrypto API and IndexedDB.

/*
Sketch of a browser-side certificate enrollment flow. The operation objects
used below (result, oncomplete, onerror) follow the early event-based
WebCrypto drafts; the shipped crypto.subtle API returns Promises instead, and
createCert/pemToDer/fromDer/fromPem are the author's proposed additions, not
part of window.crypto as shipped.
[certificateOperation Interface {result, oncomplete, onerror}]
[certificateOperation: createCert,pemToDer,fromDer,fromPem]
*/

// Three ways to obtain the certificate (and the matching private key).
// Option A: fetch a certificate the bank has already issued.
// xhr() and my_bank.com are placeholders (my_bank.com parses as a property
// access, not a URL); the private key then has to come from somewhere else,
// see the fromPem step below.
var cert=xhr(my_bank.com);
//get a certificate that the bank has already created
//or
// Option B: self-signed certificate created in the browser (proposed API).
var cert_op=window.crypto.createCert(params);
//self-signed
//then jump to private_key below
//or
// Option C: generate the key pair in the browser and have the bank issue a
// certificate for the public key. The second argument (extractable=false)
// means the private key material cannot be exported by script; this is the
// only option here where the private key never leaves the user agent.
var keyGen=window.crypto.generateKey(algorithmKeyGen,false,["sign"]);
keyGen.oncomplete = function(event) {
  var res=event.target.result;
  var pub_key=res.publicKey;
  var priv_key=res.privateKey
  // Only the raw public key is sent; a CA-style enrollment would normally
  // send a CSR signed with priv_key so the bank can verify key possession
  // — TODO confirm what the bank endpoint expects.
  var cert=xhr(my_bank.com,pub_key);
  //get a certificate from the bank with your public key
  //continue as mentioned below
  // NOTE(review): this cert is local to the callback; the pemToDer step
  // below reads the outer cert and runs before this callback fires, so in
  // option C the rest of the flow has to move inside this function.
};

// Proposed helper: PEM text -> DER bytes (asynchronous like the others).
var der=window.crypto.pemToDer(cert);

der.oncomplete=function(evt) {
  // Proposed helper: DER bytes -> parsed certificate object (shape below).
  var Cert=window.crypto.fromDer(evt.target.result);
	Cert.oncomplete=function(evt) {
		var certificate=evt.target.result;
		/* {
			certificate: {
				Version:,
				Serial Number:,
				Certificate Signature Algorithm: [Algorithm]
				Issuer:,
				Validity:,
				Subject:,
				Subject Public Key Info:,
					Subject Public Key Algorithm: [Algorithm],
					Subject Public Key: [Key],
				Extensions:
			},	
			signature algorithm:
			signature:
		}
		
		Where Public Key generation is equivalent to :
			var public_key_op=window.crypto.importKey(
			"raw",createArrayBufferView(certificate Subject Public Key modulus),
			Algorithm Public Key [Algorithm],false,['encrypt','decrypt']);
			//[keyOperation Interface {result, oncomplete, onerror}]
			public_key_op.oncomplete=function(evt) {
				Subject Public Key=evt.target.result; //[Key Interface {type, algorithm, extractable, key usage}]
			};

		*/
		// NOTE(review): declared as privat_key_op but the handler below is
		// attached to private_key_op (typo). "Private Key" is a placeholder
		// for the PEM string; this line is not valid JS as written.
		var privat_key_op=window.crypto.fromPem(Private Key); 
		//Enter Private Key received from the bank from User Interface
		//Or get it from the server by some protected means
		//Or get it from createCert above
		//Or get it from generateKey above
		// Risk note: the first two sources mean the private key has existed
		// outside the user agent (typed in, or sent by the bank over the
		// network) and is handled in clear by page script; the createCert /
		// generateKey sources keep the key inside the UA.
		private_key_op.oncomplete=function(evt) {
			var priv_key=evt.target.result; //[Key]
			// Storage option 1: hypothetical UA-managed safe store; only an
			// opaque reference is kept in the certificate record.
			var UA_priv_key_ref=UA_store_priv_key(priv_key);
			certificate.ref=UA_priv_key_ref;//UA stores priv_key safely
			//Or key discovery interface
			// Storage option 2: presumably the WebCrypto Key Discovery draft
			// (window.cryptokeys). unique_random_name is not defined in this
			// sketch; it is what getKeysByName looks the key up by, so it
			// should be unguessable.
			window.cryptokeys.setKeyByName(unique_random_name,priv_key); 
			//Store safely [Key]-->[NamedKey] and assign a unique id
			certificate.ref=unique_random_name;
			// n (the record id) is not defined anywhere in this sketch.
			var store_cert={id:n,cert:certificate};
			//Or save priv_key in indexedDB
			// Storage option 3: put the key object itself in IndexedDB.
			// NOTE(review): store_cert is declared twice; this second
			// declaration is the one that takes effect, so priv_key is stored
			// unless one of the two lines is dropped. IndexedDB is per-origin:
			// any script running on this origin can read the record back, so
			// this only makes sense for a non-extractable key (option C).
			var store_cert={id:n,cert:certificate,priv_key:priv_key};
			//Add whatever params you like
			// NOTE(review): open() is called without a version and no
			// onupgradeneeded handler is shown, so the 'store' object store is
			// never created; on a fresh database the transaction() call below
			// would fail. req.onerror is not handled either.
			var req=indexedDB.open('certificates');
			req.onsuccess=function (evt) {
				var db=evt.target.result;
				var transaction=db.transaction(['store'],'readwrite');
				var objectStore=transaction.objectStore('store');
				objectStore.add(store_cert);
				// Read-back within the same transaction, keyed by the record id.
				var request=objectStore.get(n);
				request.onsuccess=function(evt) {
					// NOTE(review): the record was stored under the key "cert"
					// (store_cert above), so .certificate is undefined here.
					var cert=evt.target.result.certificate;
					// Retrieve the private key by whichever option stored it;
					// these three lines are alternatives, not a sequence (priv
					// is declared twice).
					var priv_key=UA_get_priv_key(certificate.ref);
					//get from UA safe store
					var priv=window.cryptokeys.getKeysByName(certificate.ref)[0];
					//or key discovery interface
					var priv=evt.target.result.priv_key;
					//or get from indexedDB
				};
			};
		};
	};
};