SPKAC
SPKAC is an acronym that stands for Signed Public Key and Challenge, also known as Netscape SPKI.
It is a format for sending a Certification Signing Request: it encodes a public key, that can be manipulated using openssl.[1] It is created using the little documented HTML keygen element[2] inside a number of Netscape compatible browsers.
Implementations
HTML5 originally specificed the <keygen>
element to support SPKAC in the browser to make it easier to create client side certificates through a web service for protocols such as WebID;[3][4] however, subsequent work for HTML 5.1 placed the keygen element "at-risk", and the first public working draft of HTML 5.2 removes the keygen element entirely.[5][6][7] The removal of the keygen element is due to non-interoperability and non-conformity from a standards perspective in addition to security concerns.[8] The W3C Web Authentication Working Group is working on the Web Authentication API to replace the keygen element.[9]
Bouncy Castle provides a Java class.[10][11]
An implementation for Erlang/OTP exists too.[12]
An implementation for Python is named pyspkac.[13]
PHP OpenSSL extension as of version 5.6.0.[14]
node.js implementation.[15]
Deficiencies
The user interface needs to be improved in browsers, to make it more obvious to users when a server is asking for the client certificate.[16]
References
- ↑ "Documents, spkac(1)". OpenSSL. Retrieved 2013-10-13.
- ↑ "Html | Mdn". Developer.mozilla.org. 2013-08-15. Retrieved 2013-10-13.
- ↑ "HTML5 W3C Recommendation 28 October 2014. 4.10.12 The keygen element". W3C. 2014-10-28. Retrieved 2016-10-17.
- ↑ "WebID: creating a global decentralised authentication protocol". W3C. Retrieved 2013-10-13.
- ↑ Nevile, Chaals (2016-06-03). "Re: Call for Consensus - Remove <keygen> from HTML". W3C HTML Working Group (Mailing list). Retrieved 2016-10-17.
- ↑ "HTML5.1: CR 21 June 2016. Status of this document". W3C. 2016-06-21. Retrieved 2016-10-17.
- ↑ "HTML 5.2: First Public WD. Changes from HTML 5.1". W3C. 2016-08-18. Retrieved 2016-10-17.
- ↑ W3C Technical Architecture Group (2015-11-30). "Keygen and Client Certificates". W3C. Retrieved 2016-10-17.
- ↑ Halpin, Harry; Appelquist, Daniel; Mill, Eric; Gmür, Reto (2016-05-31). "Re: removing keygen from HTML". W3C WWW Technical Architecture Group (Mailing list). Retrieved 2016-10-17.
- ↑ "Bouncy Castle Java Documentation". Retrieved 2013-12-06.
- ↑ "foaf-protocols] spkac test implementation in Java". Lists.foaf-project.org. Retrieved 2013-10-13.
- ↑ "ztmr/espkac @ GitHub". Github.com. Retrieved 2013-10-13.
- ↑ "pyspkac". Github.com. Retrieved 2013-12-06.
- ↑ "php 5.6.0 OpenSSL Native SPKAC support".
- ↑ "node.js spki support".
- ↑ "User tracking with SSL certificates in Firefox - The H Security: News and Features". Heise-online.co.uk. 2007-09-19. Archived from the original on 2008-09-19. Retrieved 2013-10-13.
External links
- An overview of how the keygen tag works with spkac in php
- PHP v5.6 now supports SPKAC natively
- Native SPKAC support in PHP OpenSSL extension with release of v5.6.0-Alpha3
- Native SPKAC support in Node.js (with release of v0.11.8)
- SPKAC demo in Node.js (requires node.js release > v0.11.8)