Michael Ströder wrote, On 2008-12-28 04:38 PST:
> Nelson B Bolyard wrote:
>> I also think we need a page or two on developer.mozilla.org that fully
>> documents both the <keygen> tag and the crypto.generateCRMFRequest method.
> 
> +1
> 
>> The existing documentation is very incomplete.  The <keygen> tag, for
>> example, accepts many more arguments than are now publicly documented.

Let me start by saying that there are very few documents known to me that
are authoritative documentation of the keygen tag, and all are essentially
archival copies of documentation developed at Netscape in a prior
millennium.  They are:
http://devedge-temp.mozilla.org/library/manuals/1998/htmlguide/tags10.html#1615503
   which is now 11 years old, and
http://docs.sun.com/source/816-5535-10/index.html#DSA (6 years old) and
https://developer.mozilla.org/En/HTML/HTML_Extensions/KEYGEN_Tag
which seems to be the most complete, but is still not complete.

> Which arguments are that?

Now, here's what's not documented.

1. The attribute name "keyparams" is a synonym for the attribute name "pqg".
 Either name may be used for that attribute.

2. There are 3 recognized values for the "keytype" attribute.
They are "rsa", "dsa" and "ec".

3. When the keytype is "ec", the EC curve used in the generated key is
selected by the value of the optional keyparams attribute, if
  - it is present and
  - it is one of the strings found in the table at
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/manager/ssl/src/nsKeygenHandler.cpp&rev=1.49&mark=179-256#177
  - and the indicated curve is supported in that browser.

Otherwise, it is chosen by the user's choice from the key size choice box
according to the following table
   Key Size    Curve
   --------    -------------
   High        secp384r1
   Medium      secp256r1
   Low         secp256r1


The documentation for crypto.generateCRMFRequest is found at
https://developer.mozilla.org/en/JavaScript_crypto/generateCRMFRequest
but it is also incomplete.  The EC key generation documentation is missing.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to