Hi,

You mean <http://pheox.com/products/jcapi/>

Interesting link (\me writes down)

But in that case, what you basically do is provide the user
with a tool to extract his cert from a Windows keystore and then
upload the cert to the server over an open connection.

This is perfectly all right as long as you do not need to make
sure that the client machine that is uploading the cert to the
server is actually also one on which there currently is a user
that knows the password to the keystore. After all, once someone
snarfs the certificate, he can impersonate that browser.

Which may or may not be what you want. Or do you have some additional
security cooking in there? (Just curious, no need to answer)

Best,

-- David



--On Tuesday, February 21, 2006 4:31 PM -0300 Luis Henrique <[EMAIL PROTECTED]> 
wrote:

I have found one way to do what I want.

I have used the JCAPI lib (www.phoex.com) in an applet
So, now the user can choose the cert to send to server. It works on
Windows keystore.


On 2/17/06, David Tonhofer, m-plify S.A. <[EMAIL PROTECTED]> wrote:
--On Friday, February 17, 2006 2:01 PM -0300 Luis Henrique <[EMAIL PROTECTED]> 
wrote:

> I don't care about the session security.
> I just want to associate the browser user with one in my database. For
> this I need to get his cert.


You *can* set up HTTPS then drop to NULL encryption :-P To get the cert
transparently you have to use the HTTPS protocol - there is no other
widely recognized protocol to get at the cert. Consider:

You have to make sure that the cert you get is actually one that the
user is allowed to present you (one that he didn't snatch off the
neighbour's disk). This is done by checking whether the client also
owns the private key associated to the public key in the cert, so
some encryption traffic will have to take place.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
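
The proof-of-possession check discussed in the thread (the server confirming that the client holds the private key matching the public key in the certificate), as an added example that is not part of the original messages. The names `must`, `newIdentity`, `signChallenge` and `provesPossession` are hypothetical, the certificates are constructed self-signed ones, and a bare signed nonce stands in for the exchange that HTTPS client authentication performs.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must panics on error; acceptable in a demo, not in a server.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newIdentity returns a constructed self-signed client certificate and its private key.
func newIdentity(cn string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der)), key
}

// signChallenge is the client side: it needs the private key, not just the certificate.
func signChallenge(key *ecdsa.PrivateKey, nonce []byte) []byte {
	digest := sha256.Sum256(nonce)
	return must(ecdsa.SignASN1(rand.Reader, key, digest[:]))
}

// provesPossession is the server side: verify the signature over the server's own nonce
// against the public key in the presented certificate.
func provesPossession(cert *x509.Certificate, nonce, sig []byte) bool {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(nonce)
	return ok && ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	cert, ownerKey := newIdentity("constructed-user")
	_, otherKey := newIdentity("constructed-other") // someone presenting cert without ownerKey
	nonce := []byte("constructed-nonce")            // a real server draws a fresh random nonce per request
	fmt.Println(provesPossession(cert, nonce, signChallenge(ownerKey, nonce)),
		provesPossession(cert, nonce, signChallenge(otherKey, nonce))) // true false
}
```

Because the nonce is chosen by the server for each request, a signature captured from an earlier exchange does not verify against a later one.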
