Hi guys, I need key validation routines for my authentication systems. Web front ends are not my strong point so I'm not in much of a position to do a through evaluation. I'm looking for recommendations from folk who have done this.
The authenticates to a website using two factor auth (not key based) and uploads a public key, which then gets put everywhere it needs to go. The validations I'd like to do: 1. server side: convert the key to openssh format and check that it's a valid key, correct type and strong enough. 2. Browser side: check if user entered a private key and refuse to upload it. Check matching private key and refuse to upload public key till private key is passphrase-protected with strong enough encryption. Don't require user to enter passphrase. I must support SSH protocol 1 for an ancient legacy site or two. And I'm in the very happy position of being able to tell users "You will use Firefox| Chrome|Opera for this" if that's what it takes :-) The web app will be built using django. -- alan dot mckinnon at gmail dot com