The most adequate group for this discussion would be mozilla.dev.tech.crypto
I agree that enhancing generateCRMFRequest to let it generate a more usual format instead of only CRMF would be a big step forward.
And making more obvious that keygen is not a good long term solution is a very good thing.
Thomas Zangerl wrote:
Arm,

I am not sure whether I would recommend this, but in Firefox and Safari keygen currently just generates a <select><option...></select> structure in DOM. So what we in the Confusa project (http://www.confusa.org) are currently playing with to increase the user friendliness, is just assigning the keylength to the option texts and then setting the right option to selected. In JavaScript that is something along the lines of

    var keysize = /* usually something from PHP */ "2048";
    var keygenCell = document.getElementById("keygenCell");
    var options = keygenCell.getElementsByTagName("option");

    /* Gecko based browsers use some strange "Grade" syntax for keylengths - replace */
    if (navigator.userAgent.indexOf('Gecko') != -1) {
        var GECKO_STRING_HIGH = "High Grade";
        var GECKO_STRING_MEDIUM = "Medium Grade";

        for (var i = 0; i < options.length; i++) {
            var option = options[i];

            if (option.text == GECKO_STRING_HIGH) {
                option.text = "2048 bits";
                option.value = GECKO_STRING_HIGH;
            } else if (option.text == GECKO_STRING_MEDIUM) {
                option.text = "1024 bits";
                option.value = GECKO_STRING_MEDIUM;
            }
        }
    }

    /* autoselect the option with the right keysize */
    for (var i = 0; i < options.length; i++) {
        var option = options[i];

        if (option.text.indexOf(keysize) != -1) {
            option.selected = true;
        }
    }

The above seems to work in Firefox 3.0 and 3.5 and Safari 4 (selection) but not in Opera 10.50.

An alternative you might consider is using Mozilla's Crypto-Interface, which gives you full control over the keysize etc.: https://developer.mozilla.org/en/JavaScript_crypto

Regarding Mozilla's Crypto-interface, we found it pretty inconvenient to deal with yet another certificate format, though, because generateCRMFRequest generates the cert-request as a CRMF file and Firefox expects to receive the response in CMMF. If there is no easy way to do this with your CA, you might however have to fall back to a hack just as we do.
/Thomas

On Mar 29, 10:48 am, Arm Abramyan <[email protected]> wrote:

Dear Firefox support team

Armenian e-Science Foundation Certification Authority (ArmeSFo CA, http://www.escience.am/ca/index.html), which is a member of European Policy Management Authority for Grid Authentication (EUGridPMA, https://www.eugridpma.org), created a Graphical User Interface for generating a private key and a Certificate Signing Request (CSR). According to our Certification Policy, the minimum key length for a user or host/service certificate is 1024 bits. Firefox gives users a choice of RSA key between "high" strength (2048 bits) and "medium" strength (1024 bits). It provides this with the HTML keygen element. Would you help us to change the text of the HTML form: "High Grade" and "Medium Grade" and to set the default value of them.

Thank you in advance

Armenuhi Abramyan
ArmeSFo CA operator
-- dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
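
Added example (not part of the original thread, and not Confusa or Mozilla code): relabelling or preselecting the keygen options only changes what the browser displays, so the CA side can check the size of the key actually submitted in the keygen SPKAC against the policy minimum. Node.js as the server runtime is an assumption; `checkSpkac`, `makeSampleSpkac` and `der` are hypothetical names, and the sample SPKAC is constructed locally for the demonstration.

```javascript
const crypto = require('crypto');

const MIN_RSA_BITS = 1024; // minimum key length from the CA policy quoted in the thread

// Verify the SPKAC's self-signature, then compare the RSA modulus size with the policy.
function checkSpkac(spkacB64, minBits = MIN_RSA_BITS) {
  const spkac = Buffer.from(spkacB64.replace(/\s+/g, ''));
  if (!crypto.Certificate.verifySpkac(spkac)) {
    return { ok: false, reason: 'bad SPKAC signature' };
  }
  const key = crypto.createPublicKey(crypto.Certificate.exportPublicKey(spkac));
  if (key.asymmetricKeyType !== 'rsa') {
    return { ok: false, reason: 'not an RSA key' };
  }
  const bits = key.asymmetricKeyDetails.modulusLength;
  return bits >= minBits
    ? { ok: true, bits }
    : { ok: false, bits, reason: `RSA key is ${bits} bits, policy minimum is ${minBits}` };
}

// --- Constructed sample input (hypothetical helpers, used only for the demonstration) ---

// Minimal DER TLV encoder, sufficient for lengths below 65536 bytes.
function der(tag, body) {
  const n = body.length;
  const len = n < 0x80 ? [n] : n < 0x100 ? [0x81, n] : [0x82, n >> 8, n & 0xff];
  return Buffer.concat([Buffer.from([tag, ...len]), body]);
}

// Build a SignedPublicKeyAndChallenge the way a keygen element would submit it (base64).
function makeSampleSpkac(bits, challenge = 'constructed-challenge') {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: bits });
  const spki = publicKey.export({ type: 'spki', format: 'der' });
  // PublicKeyAndChallenge ::= SEQUENCE { spki, challenge IA5String }
  const pkac = der(0x30, Buffer.concat([spki, der(0x16, Buffer.from(challenge, 'ascii'))]));
  // AlgorithmIdentifier for sha256WithRSAEncryption (1.2.840.113549.1.1.11) with NULL params
  const alg = Buffer.from('300d06092a864886f70d01010b0500', 'hex');
  // BIT STRING with zero unused bits wrapping the PKCS#1 v1.5 signature
  const sig = der(0x03, Buffer.concat([Buffer.from([0]), crypto.sign('sha256', pkac, privateKey)]));
  return der(0x30, Buffer.concat([pkac, alg, sig])).toString('base64');
}
```
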

