SPKAC
SPKAC is an acronym that stands for Signed Public Key and Challenge, also known as Netscape SPKI.
It is a format for sending a Certification Signing Request: it encodes a public key, that can be manipulated using openssl.[1] It is created using the little documented HTML keygen element[2] inside a number of Netscape compatible browsers.
Implementations
HTML5 has now specified the keygen element,[3] and has more info on SPKAC.[4] This can be very useful for making it easy to create client side certificates through a web service for protocols such as WebID.[5]
Bouncy Castle provides a Java class.[6][7]
An implementation for Erlang/OTP exists too.[8]
An implementation for Python is named pyspkac.[9]
PHP OpenSSL extension as of version 5.6.0.[10]
Deficiencies
The user interface needs to be improved in browsers, to make it more obvious to users when a server is asking for the client certificate.[11]
References
- ^ "Documents, spkac(1)". OpenSSL. Retrieved 2013-10-13.
- ^ "Html | Mdn". Developer.mozilla.org. 2013-08-15. Retrieved 2013-10-13.
- ^ "HTML 5.1 Nightly". Dev.w3.org. 2004-02-05. Retrieved 2013-10-13.
- ^ "HTML 5.1 Nightly". Dev.w3.org. 2004-02-05. Retrieved 2013-10-13.
- ^ "WebID: creating a global decentralised authentication protocol". W3.org. Retrieved 2013-10-13.
- ^ "Bouncy Castle Java Documentation". Retrieved 2013-12-06.
- ^ "foaf-protocols] spkac test implementation in Java". Lists.foaf-project.org. Retrieved 2013-10-13.
- ^ "ztmr/espkac @ GitHub". Github.com. Retrieved 2013-10-13.
- ^ "pyspkac". Github.com. Retrieved 2013-12-06.
- ^ "php 5.6.0 OpenSSL Native SPKAC support".
- ^ "User tracking with SSL certificates in Firefox - The H Security: News and Features". Heise-online.co.uk. 2007-09-19. Archived from the original on 2008-09-19. Retrieved 2013-10-13.
{{cite web}}
: Unknown parameter|deadurl=
ignored (|url-status=
suggested) (help)