Generating client side certificates in browser and signing on server

Ludeks picture Ludeks · Feb 8, 2012 · Viewed 12.5k times · Source

Is it possible to request generation of client keypair in browser and send the public key to the server CA to be signed transparently? Then installing the signed certificate in user's browser?

Scenario:

  1. User opens https://examle.com/ web page, server identity is verified
  2. User requests an account creation
  3. Keypair is generated in user's browser and not revealed to server/CA
  4. Pubkey is send to server for signing
  5. Server signes the key and generates certificate
  6. Certificate is sent to client and installed in browser along with private key

Next time client connects to server, his identity is verified based on client certificate.

It would be nice if server could force/hint the client to protect his private key using password encryption.

I've seen online banking using java applet for this task. Is it possible to do it using native browser capabilites? Apache/PHP or Node.js solution would be welcome.

Answer

Bruno picture Bruno · Feb 8, 2012

Yes, it's possible. There are no cross-browser solutions, though.

  • For Internet Explorer, you will have to use some ActiveX controls using X509Enrollment.CX509EnrollmentWebClassFactory or CEnroll.CEnroll, depending on whether it's running on Windows XP or Vista/7. This will generate a PKCS#10 certificate request (which you may need to wrap between the traditional delimiters.
  • For the rest, you should be able to use the <keygen /> tag. It's a legacy Netscape tag, not officially HTML before, but it has made it into HTML 5 (although MS have said they wouldn't support it in their implementations). This will generate a SPKAC structure (similar to a CSR).
  • For Firefox (although it supports keygen), you can use the CRMF functions.

Here is an example script that should do most of the work for ActiveX or Keygen.

When the server sends a certificate in return (possibly later), the browser should import it into its store and associate it with the private key it had generated at the time of the request.

How the private key is protected will depend on the browser or underlying certificate store mechanism. In Firefox, there should be a master password on the security device, for example.

On the server side, you can implement your own CA using various tools. OpenSSL and BouncyCastle can handle PKCS#10 and SPKAC. Here is a BouncyCastle-based example (associated with the script above), and some code for CRMF.

If you want a ready-made solution, you may be interested in something like OpenCA.