Hi,Would you please talk more about the crypto object
in the Netscape javascript?I want a detailed reference of it.
As to IE,I have collected the answer from this maillist long time ago,
I would like to share it,again.And I still wonder what other function
the xenroll object(or other object) offer.
I am looking for some way to sign and verify signature, encrypt and decrypt data
in IE and Netscape browser, not by ActiveX.
List: openssl-users
Subject: Re: apply cert from browser
From: Thomas Reinke <[EMAIL PROTECTED]>
Date: 2000-04-30 13:56:05
[Download message RAW]
For Netscape, checking the tag <KEYGEN>.
For IE, check the object XENROLL, as in the following
example:
=== CREATING A REQUEST ===
<OBJECT
classid="clsid:43F8F289-7A20-11D0-8F06-00C04FC295E1"
CODEBASE="xenroll.dll"
id=xenroll>
</OBJECT>
You create the key pair and request with VBscript - this should be
called when user has entered the data and tries to submit the form:
' Construct DN
DN = "C="+country+"+O="+org+"+CN="+cn+"+EMAIL="+email
' Set the xenroll properties
xenroll.providerType = 1 ' Microsoft
xenroll.providerName = "Microsoft Base Cryptographic
Provider
v1.0"
xenroll.HashAlgorithm = "MD5" ' or "SHA1"
' xenroll.KeySpec = 2 ' AT_SIGNATURE
xenroll.KeySpec = 1 ' AT_KEYEXCHANGE
' Make your pick here :)
' xenroll.GenKeyFlags = 1 ' CRYPT_EXPORTABLE
' xenroll.GenKeyFlags = 2 ' CRYPT_USER_PROTECTED
xenroll.GenKeyFlags = 3
' Create the request
request = xenroll.CreatePKCS10(DN, "1.3.6.1.5.5.7.3.2")
TheForm.pkcs10Request.value = _
"-----BEGIN NEW CERTIFICATE REQUEST-----" + _
CHR(13) + _
request + _
"-----END NEW CERTIFICATE REQUEST-----"
This will give you a vanilla PEM-formatted PKCS10 request that you can
submit and process in a CA of your choice, getting back a cert.
=== INSTALLING THE CERTIFICATE ===
The cert must be included in another VBscript routine on the page that
installs the certificate. Like this:
<SCRIPT LANGUAGE="VBScript">
Sub INSTALL_OnClick
Dim sz10
sz10 = _
"-----BEGIN CERTIFICATE-----" & _
"MIICIjCCAYugAwIBAgICECAwDQYJKoZIhvcNAQEEBQAwOzELMAkGA1UEBhMCRUUx" & _
.. your certificate here..
"whateverisinyourcertxxxLB3B+01hWzjyYqWoLpp6y3gNbIzLSnHcD59pNpho8" & _
"8t37wrgh4g3+Hxq6Pvfm3zbY//qDnw==" & _
"-----END CERTIFICATE-----"
xenroll.DeleteRequestCert = TRUE
err.clear
xenroll.WriteCertToCSP = true
xenroll.acceptPKCS7(sz10)
if err.number <> 0 then
result = MsgBox("Bad luck, error code " & err.number, 0, "Error")
else
result = MsgBox("You got lucky today!", 0, "")
end if
End Sub
</SCRIPT>
Cheers, Thomas
----- Original Message -----
From: "Tridib, Mumbai" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, December 04, 2000 6:18 PM
Subject: Key genration in IE
> Hi all,
> Please help me. My problems are as follows:
>
> 1. I have generated key pair in Netscape (at client side) and then subsequently I
>have created Certificate (at server side) using -SPKAC option of "ca" command i.e
>signing the request with root private key. This works fine. My problem is how can I
>generate the key pair in IE and then create certificate using openssl like what I
>have done in Netscape.
>
> Has any one done this? Please help me. I need your help despaerately - I tried a lot
>using actiovex etc.
>
> 2. In case of signing a text in Netscape, there is no problem- crypto.signText() of
>Java Script works fine and the output is PKCS#7 object. I can also verify at the
>server using "verify" command of OpenCA.
>
> Could You please tell me how can I sign a text in the IE such that ouput will be
>PKCS#7 object?
>
> 3. If I have a crypto API which can generate a hash of a data and then sign it using
>the private key of the certificate, then is it possible to output a PKCS#7
>signed-object?If yes, How it can be done.
> Please help me.
>
> Thanking you in advance,
>
> Tridib
>
> _____________________________________________________
> Chat with your friends as soon as they come online. Get Rediff Bol at
> http://bol.rediff.com
>
> Participate in crazy auctions at http://auctions.rediff.com/auctions/
>
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]