SPKAC

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

SPKAC is an acronym that stands for Signed Public Key and Challenge, also known as Netscape SPKI.

It is a format for sending a Certification Signing Request: it encodes a public key, that can be manipulated using openssl.[1] It is created using the little documented HTML keygen element[2] inside a number of Netscape compatible browsers.

Implementations[edit]

HTML5 originally specified the <keygen> element to support SPKAC in the browser to make it easier to create client side certificates through a web service for protocols such as WebID;[3][4] however, subsequent work for HTML 5.1 placed the keygen element "at-risk", and the first public working draft of HTML 5.2 removes the keygen element entirely.[5][6][7] The removal of the keygen element is due to non-interoperability and non-conformity from a standards perspective in addition to security concerns.[8] The W3C Web Authentication Working Group is working on the Web Authentication API to replace the keygen element.[9]

Bouncy Castle provides a Java class.[10][11]

An implementation for Erlang/OTP exists too.[12]

An implementation for Python is named pyspkac.[13]

PHP OpenSSL extension as of version 5.6.0.[14]

node.js implementation.[15]

Deficiencies[edit]

The user interface needs to be improved in browsers, to make it more obvious to users when a server is asking for the client certificate.[16]

References[edit]

  1. ^ "Documents, spkac(1)". OpenSSL. Retrieved 2017-04-05.
  2. ^ "Html | Mdn". Developer.mozilla.org. 2013-08-15. Retrieved 2013-10-13.
  3. ^ "HTML5 W3C Recommendation 28 October 2014. 4.10.12 The keygen element". W3C. 2014-10-28. Retrieved 2016-10-17.
  4. ^ "WebID: creating a global decentralised authentication protocol". W3C. Retrieved 2013-10-13.
  5. ^ Nevile, Chaals (2016-06-03). "Re: Call for Consensus - Remove <keygen> from HTML". W3C HTML Working Group (Mailing list). Retrieved 2016-10-17.
  6. ^ "HTML5.1: CR 21 June 2016. Status of this document". W3C. 2016-06-21. Retrieved 2016-10-17.
  7. ^ "HTML 5.2: First Public WD. Changes from HTML 5.1". W3C. 2016-08-18. Retrieved 2016-10-17.
  8. ^ W3C Technical Architecture Group (2015-11-30). "Keygen and Client Certificates". W3C. Retrieved 2016-10-17.
  9. ^ Halpin, Harry; Appelquist, Daniel; Mill, Eric; Gmür, Reto (2016-05-31). "Re: removing keygen from HTML". W3C WWW Technical Architecture Group (Mailing list). Retrieved 2016-10-17.
  10. ^ "Bouncy Castle Java Documentation". Retrieved 2013-12-06.
  11. ^ "foaf-protocols] spkac test implementation in Java". Lists.foaf-project.org. Retrieved 2013-10-13.
  12. ^ "ztmr/espkac @ GitHub". Github.com. Retrieved 2013-10-13.
  13. ^ "pyspkac". Github.com. Retrieved 2013-12-06.
  14. ^ "php 5.6.0 OpenSSL Native SPKAC support".
  15. ^ "node.js spki support".
  16. ^ "User tracking with SSL certificates in Firefox - The H Security: News and Features". Heise-online.co.uk. 2007-09-19. Archived from the original on 2008-09-19. Retrieved 2013-10-13.

External links[edit]