Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

Firefox PKCS11 enrollment

Anonymous
2012-10-20
2013-02-18

  • Anonymous
    2012-10-20

    Hi
    I wrote a program that uses CA web service to generate cetificate. According to "https://developer.mozilla.org/en-US/docs/JavaScript_crypto" it calls window.crypto.generateCRMFRequest(…) and after that call crmfRequest webservice from CA. but in  importUserCertificates(…) I have to pass certificate in CMMF format. if I understood, EJBCA can accept CRMF request, but can not generate CMMF certificate. How can I convert returned certificate to CMMF format?

     

  • Anonymous
    2012-10-20

    Hi,
    As the URL says this scheme is only supported by Firefox and therefore there 's no built-in support in EJBCA for it.
    But we do recognize CRMF as input format to for example WebServices.  On output we current only support X509 or PKCS #7.

    I would recommend you to not use CRMF but rather use <keygen> which is already a part of EJBCA's public web.

    Anyway, If you must  use the Firefox javascript functions it is easy writing a servlet that does that (see DemoCetrtServlet), including the CMMF coding.  However, I can't find a good definition of CMMF, can you?

    Cheers,
    Anders
    tech support

     

  • Anonymous
    2012-10-24

    Hi,
    Thanks for reply. Yes I used <keygen> that is a part of HTML5 and it works. But the JavaScript Crypto class has more flexibility. For example I can specify key length in code.
    I wrote a servlet that get the certificate from CA via Web Service and I know that I should change the format of returned certificate and then pass it to browser (JavaScript). But unfortunately I couldn't find good sample code or library for converting to CMMF.
    The best thing that I found is "org.mozilla.jss.pkix.cmmf" package (http://www.mozilla.org/projects/security/pki/jss/javadoc/org/mozilla/jss/pkix/cmmf/package-summary.html), but it is so complex ;-) . Do you have any good sample from this package for converting CMMF response?