GenerateCRMFRequest: Difference between revisions

From MozillaWiki
 
(Redirect everybody to DevMo)
 
<h4>
<font face="Arial,Helvetica">generateCRMFRequest()</font></h4>
<tt>crmfObject = crypto.generateCRMFRequest(<i>"requestedDN", "regToken",
"authenticator", "escrowAuthorityCert", "KeyGen Done Code", keySize1, "keyParams1",
"keyGenAlg1", ..., keySizeN, "keyParamsN", "keyGenAlgN"</i>);</tt>


This method will generate a sequence of CRMF requests that has N requests.&nbsp;
One request for each key pair that is generated.&nbsp; The first three
parameters will be applied to every request.&nbsp; The "escrowAuthorityCert"
parameter will only be used for requests that pertain to a key that is
being escrowed.&nbsp; After the "escrowAuthorityCert" parameter, the method
takes some JavaScript code that is invoked when the CRMF request
is ready. Finally, there are 1 or more sets of key generation arguments.&nbsp;
Each key generation will be associated with its own request.&nbsp; All
the requests will have the same DN.
<br>&nbsp;
<table BORDER WIDTH="100%" >


<tr>
<td ALIGN=CENTER VALIGN=TOP><b>Argument</b></td>
 
<td ALIGN=CENTER><b>Description</b></td>
</tr>
 
<tr>
<td><i><tt>"requestedDN"</tt></i></td>
 
<td>An RFC1485 formatted DN to include in the certificate request.</td>
</tr>
 
<tr>
 
<td><i><tt>"regToken"</tt></i></td>
 
<td>A value used to authenticate the user to the RA/CA.</td>
</tr>
 
<tr>
<td><i><tt>"authenticator"</tt></i></td>
 
<td>A value that the user can authenticate with in the future when their
private key is not available. Can be used for key recovery or revocation
requests.</td>
</tr>
 
<tr>
<td><i><tt>"escrowAuthorityCert"</tt></i></td>
 
<td>If this value is NULL, then no key escrow will be performed. This value
specifies which KRA certificate should be used to wrap the private key
being escrowed. The user will be prompted for confirmation whenever a key
will be escrowed.&nbsp; Only key exchange keys will be escrowed. If a dual
use key is being generated, it will not be escrowed.&nbsp; The value of
this argument is a base-64 encoded certificate.</td>
</tr>
 
<tr>
<td><i><tt>"CRMF Generation Done Code"</tt></i></td>
 
<td>This parameter is JavaScript to execute when the CRMF generation is
complete.&nbsp;</td>
</tr>
 
<tr>
<td VALIGN=TOP><i><tt>keySizeN</tt></i></td>
 
<td>The size in bits of the Nth key to generate.</td>
</tr>
 
<tr>
<td VALIGN=TOP><i><tt>"keyParamsN"</tt></i></td>
 
<td>This string is an optional algorithm dependent parameter value. For
Diffie-Hellman it is used to specify p and g parameters.&nbsp; For DSA,
it will be used to specify pqg. If the key generation requires parameters
and the value passed in is NULL, then the client will generate the parameters
on its own. Currently, this value is ignored.</td>
</tr>
 
<tr>
<td VALIGN=TOP><i><tt>"keyGenAlgN"</tt></i></td>
 
<td>Which algorithm the generated key will support. Acceptable values are
(the mentioned values for keyUsage pertain to the keyUsage value of the
Certificate Extension that will ultimately be in the issued certificate):&nbsp;
<ul>
<li>
"rsa-ex" - generate an RSA key for key exchange only (This will have keyEncipherment
set for keyUsage.)</li>
 
<li>
"rsa-dual-use" - generate a single RSA key for both signing and encryption.&nbsp;
(This will have digitalSignature, keyEncipherment, and nonRepudiation set
for keyUsage.)</li>
 
<li>
"rsa-sign" - generate an RSA key for signing only. (This will have digitalSignature
set for keyUsage.)</li>
 
<li>
"rsa-nonrepudiation" - generate a single RSA key for nonRepudiation only.
(This will have nonRepudiation set for keyUsage.)</li>
 
<li>
"rsa-sign-nonrepudiation" - generate a single RSA key used for both signing
and nonRepudiation. (This will have both digitalSignature and nonRepudiation
set for keyUsage.)</li>
 
<li>
"dsa-sign" - generate a single DSA key for signing only. (This will have
digitalSignature set for keyUsage.)</li>
 
<li>
"dsa-nonrepudiation" - generate a single DSA key for nonRepudiation. (This
will have nonRepudiation set for keyUsage.)</li>
 
<li>
"dsa-sign-nonrepudiation" - generate a single DSA key for signing and non-repudiation.
(This will have digitalSignature and nonRepudiation set for keyUsage.)</li>
</ul>
</td>
</tr>
</table>
 
The <b>generateCRMFRequest()</b> method will cause the user to be presented
with a key generation dialog. The dialog describes the key generation process
and gives the user the opportunity to cancel the operation.
<p>The method <b>generateCRMFRequest()</b> will return an instance of a
[[CRMF Request object]]. The JavaScript passed in as the <i><tt>"CRMF Generation Done
Code"</tt></i> parameter should look at the attribute <i>request</i> of
the returned object to get the result of the CRMF generation.
 
The string found by accessing <i><tt>crmfObject.request</tt></i> is
the base-64 encoded CRMF message to be sent to the CA/RA, or an error string.
The possible error strings are:
<br>&nbsp;
<table BORDER WIDTH="100%" >
<tr>
<td ALIGN=CENTER><b>Error String</b></td>
 
<td ALIGN=CENTER><b>Description</b></td>
</tr>
 
<tr>
<td>"error:invalidParameter:XXX"</td>
 
<td>The parameter XXX was an invalid value.</td>
</tr>
 
<tr>
<td>"error:userCancel"</td>
 
<td>The user has canceled the key generation operation.</td>
</tr>
 
<tr>
<td>"error:internalError"</td>
 
<td>The software encountered some internal error, such as out of memory.</td>
</tr>
</table>
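The argument rules and error strings documented above can be checked in plain JavaScript before and after the call. This is an added example, not Mozilla's code: planRequests, parseCrmfResult and the "notAString"/"notBase64" labels are hypothetical names, and "rsa-ex" is treated as the only key exchange algorithm because it is the only one the table describes that way.

```javascript
// Added example (not Mozilla's code): keyUsage bits per keyGenAlg, from the table above.
const KEY_USAGE = {
  "rsa-ex": ["keyEncipherment"],
  "rsa-dual-use": ["digitalSignature", "keyEncipherment", "nonRepudiation"],
  "rsa-sign": ["digitalSignature"],
  "rsa-nonrepudiation": ["nonRepudiation"],
  "rsa-sign-nonrepudiation": ["digitalSignature", "nonRepudiation"],
  "dsa-sign": ["digitalSignature"],
  "dsa-nonrepudiation": ["nonRepudiation"],
  "dsa-sign-nonrepudiation": ["digitalSignature", "nonRepudiation"],
};

// Plan one request per (keySize, keyParams, keyGenAlg) triple and mark escrowed keys.
function planRequests(escrowAuthorityCert, ...keyArgs) {
  if (keyArgs.length === 0 || keyArgs.length % 3 !== 0) {
    throw new Error("expected one or more (keySize, keyParams, keyGenAlg) triples");
  }
  const plan = [];
  for (let i = 0; i < keyArgs.length; i += 3) {
    const [keySize, , keyGenAlg] = keyArgs.slice(i, i + 3); // keyParams is ignored per the page
    if (!Number.isInteger(keySize) || keySize <= 0) {
      throw new Error(`keySize${i / 3 + 1} must be a positive integer`);
    }
    if (!Object.prototype.hasOwnProperty.call(KEY_USAGE, keyGenAlg)) {
      throw new Error(`keyGenAlg${i / 3 + 1} is not an accepted value`);
    }
    // Only key exchange keys are escrowed; a dual-use key is not.
    const escrowed = escrowAuthorityCert !== null && keyGenAlg === "rsa-ex";
    plan.push({ keySize, keyGenAlg, keyUsage: KEY_USAGE[keyGenAlg], escrowed });
  }
  return plan;
}

// Classify crmfObject.request; "notAString"/"notBase64" are labels local to this example.
function parseCrmfResult(request) {
  if (typeof request !== "string" || request === "") {
    return { ok: false, error: "notAString", parameter: null };
  }
  if (request.startsWith("error:")) {
    const [, kind, ...rest] = request.split(":");
    return { ok: false, error: kind, parameter: rest.join(":") || null };
  }
  const compact = request.replace(/\s+/g, ""); // tolerate line-wrapped base-64
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(compact)) {
    return { ok: false, error: "notBase64", parameter: null };
  }
  return { ok: true, crmfBase64: compact };
}
```

A "Done Code" handler would pass crmfObject.request to parseCrmfResult and submit crmfBase64 to the CA/RA only when ok is true.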

Latest revision as of 13:14, 26 January 2006

The content that used to be on this page has been moved to DevMo, and will be updated only on DevMo.

Please refer to the page documenting JavaScript crypto on developer.mozilla.org and update your references to point directly to it: http://developer.mozilla.org/en/docs/generateCRMFRequest