A
antonyliu2002
Hi,
My web application does user authentication through X.509 digital
certificates in combination with user name and password.
When the user applies for a digital certificate from my certification
authority (CA), I have a VBScript code that generates a public/private
key pair with the RSA algorithm, as well as the certificate signing
request (CSR) in PKCS#10 format. I assume that the key pair should be
maintained by the browser (my application support Internet Explorer
only at this moment). Am I right?
Now, when the user tries to log into his account, I would like to have
my web application receive a digitally signed token from the client.
The token can be the client's username signed with his/her private
key.
Since this signing process will happen on the client side, it can only
be handled by client side script, for example, JavaScript.
But, how do we get access to the private key with JavaScript? Thanks
a million.
AL
My web application does user authentication through X.509 digital
certificates in combination with user name and password.
When the user applies for a digital certificate from my certification
authority (CA), I have a VBScript code that generates a public/private
key pair with the RSA algorithm, as well as the certificate signing
request (CSR) in PKCS#10 format. I assume that the key pair should be
maintained by the browser (my application support Internet Explorer
only at this moment). Am I right?
Now, when the user tries to log into his account, I would like to have
my web application receive a digitally signed token from the client.
The token can be the client's username signed with his/her private
key.
Since this signing process will happen on the client side, it can only
be handled by client side script, for example, JavaScript.
But, how do we get access to the private key with JavaScript? Thanks
a million.
AL