The content that used to be on this page has been moved to DevMo, and will be updated only on DevMo.

Please refer to the page documenting JavaScript crypto on developer.mozilla.org and update your references to point directly to it:
[http://developer.mozilla.org/en/docs/generateCRMFRequest http://developer.mozilla.org/en/docs/generateCRMFRequest]

<h4>
<font face="Arial,Helvetica">generateCRMFRequest()</font></h4>
<tt>crmfObject = crypto.generateCRMFRequest(<i>"requestedDN", "regToken",
"authenticator", "escrowAuthorityCert", "KeyGen Done Code", keySize1, "keyParams1",
"keyGenAlg1",..., keySizeN, "keyParamsN", "keyGenAlgN");</i></tt>

This method will generate a sequence of N CRMF requests, one for each key
pair that is generated. The first three
parameters will be applied to every request. The "escrowAuthorityCert"
parameter will only be used for requests that pertain to a key that is
being escrowed. After the "escrowAuthorityCert" parameter, the method
takes some JavaScript code that is invoked when the CRMF request
is ready. Finally, there are one or more sets of key generation arguments.
Each key generation will be associated with its own request. All
the requests will have the same DN.
<br>
<table BORDER WIDTH="100%" >
<tr>
<td ALIGN=CENTER VALIGN=TOP><b>Argument</b></td>
<td ALIGN=CENTER><b>Description</b></td>
</tr>
<tr>
<td><i><tt>"requestedDN"</tt></i></td>
<td>An RFC1485 formatted DN to include in the certificate request.</td>
</tr>
<tr>
<td><i><tt>"regToken"</tt></i></td>
<td>A value used to authenticate the user to the RA/CA.</td>
</tr>
<tr>
<td><i><tt>"authenticator"</tt></i></td>
<td>A value that the user can authenticate with in the future when their
private key is not available. Can be used for key recovery or revocation
requests.</td>
</tr>
<tr>
<td><i><tt>"escrowAuthorityCert"</tt></i></td>
<td>If this value is NULL, then no key escrow will be performed. This value
specifies which KRA certificate should be used to wrap the private key
being escrowed. The user will be prompted for confirmation whenever a key
will be escrowed. Only key exchange keys will be escrowed. If a dual
use key is being generated, it will not be escrowed. The value of
this argument is a base-64 encoded certificate.</td>
</tr>
<tr>
<td><i><tt>"CRMF Generation Done Code"</tt></i></td>
<td>This parameter is JavaScript to execute when the CRMF generation is
complete.</td>
</tr>
<tr>
<td VALIGN=TOP><i><tt>keySizeN</tt></i></td>
<td>The size in bits of the Nth key to generate.</td>
</tr>
<tr>
<td VALIGN=TOP><i><tt>"keyParamsN"</tt></i></td>
<td>This string is an optional algorithm dependent parameter value. For
Diffie-Hellman it is used to specify p and g parameters. For DSA,
it will be used to specify pqg. If the key generation requires parameters
and the value passed in is NULL, then the client will generate the parameters
on its own. Currently, this value is ignored.</td>
</tr>
<tr>
<td VALIGN=TOP><i><tt>"keyGenAlgN"</tt></i></td>
<td>Which algorithm the generated key will support. Acceptable values are
(the mentioned values for keyUsage pertain to the keyUsage value of the
Certificate Extension that will ultimately be in the issued certificate):
<ul>
<li>
"rsa-ex" - generate an RSA key for key exchange only. (This will have keyEncipherment
set for keyUsage.)</li>
<li>
"rsa-dual-use" - generate a single RSA key for both signing and encryption.
(This will have digitalSignature, keyEncipherment, and nonRepudiation set
for keyUsage.)</li>
<li>
"rsa-sign" - generate an RSA key for signing only. (This will have digitalSignature
set for keyUsage.)</li>
<li>
"rsa-nonrepudiation" - generate a single RSA key for nonRepudiation only.
(This will have nonRepudiation set for keyUsage.)</li>
<li>
"rsa-sign-nonrepudiation" - generate a single RSA key for both signing
and nonRepudiation. (This will have both digitalSignature and nonRepudiation
set for keyUsage.)</li>
<li>
"dsa-sign" - generate a single DSA key for signing only. (This will have
digitalSignature set for keyUsage.)</li>
<li>
"dsa-nonrepudiation" - generate a single DSA key for nonRepudiation. (This
will have nonRepudiation set for keyUsage.)</li>
<li>
"dsa-sign-nonrepudiation" - generate a single DSA key for signing and nonRepudiation.
(This will have digitalSignature and nonRepudiation set for keyUsage.)</li>
</ul>
</td>
</tr>
</table>
The <b>generateCRMFRequest()</b> method will cause the user to be presented
with a key generation dialog. The dialog describes the key generation process
and gives the user the opportunity to cancel the operation.
<p>The method <b>generateCRMFRequest()</b> will return an instance of a
[[CRMF Request object]]. The JavaScript passed in as the <i><tt>"CRMF Generation Done
Code"</tt></i> parameter should look at the attribute <i>request</i> of
the returned object to get the result of the CRMF generation.

The string found by accessing <i><tt>crmfObject.request</tt></i> is
the base-64 encoded CRMF message to be sent to the CA/RA, or an error string.
The possible error strings are:
<br>
<table BORDER WIDTH="100%" >
<tr>
<td ALIGN=CENTER><b>Error String</b></td>
<td ALIGN=CENTER><b>Description</b></td>
</tr>
<tr>
<td>"error:invalidParameter:XXX"</td>
<td>The parameter XXX was an invalid value.</td>
</tr>
<tr>
<td>"error:userCancel"</td>
<td>The user has canceled the key generation operation.</td>
</tr>
<tr>
<td>"error:internalError"</td>
<td>The software encountered some internal error, such as out of memory.</td>
</tr>
</table>
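
The following is an added example, not code from the original page or from Mozilla. It assembles the variadic argument list described above, records which requested keys would carry which keyUsage and be escrowed, and classifies the string found in <tt>crmfObject.request</tt>. The helper names, the <tt>cryptoObj</tt> parameter, the <tt>onCrmfDone();</tt> callback and the <tt>"unrecognizedResult"</tt> label are assumptions made for illustration.

```javascript
// Added example, not Mozilla code. Helper names, `cryptoObj`, "onCrmfDone();"
// and the "unrecognizedResult" label are assumptions for illustration.
const KEY_USAGE = new Map(Object.entries({
  "rsa-ex": ["keyEncipherment"],
  "rsa-dual-use": ["digitalSignature", "keyEncipherment", "nonRepudiation"],
  "rsa-sign": ["digitalSignature"],
  "rsa-nonrepudiation": ["nonRepudiation"],
  "rsa-sign-nonrepudiation": ["digitalSignature", "nonRepudiation"],
  "dsa-sign": ["digitalSignature"],
  "dsa-nonrepudiation": ["nonRepudiation"],
  "dsa-sign-nonrepudiation": ["digitalSignature", "nonRepudiation"],
}));

// Five fixed arguments, then one (keySize, keyParams, keyGenAlg) triple per key.
function buildCrmfArgs(dn, regToken, authenticator, escrowCert, keys) {
  if (!Array.isArray(keys) || keys.length === 0) throw new Error("need at least one key spec");
  // The done code is a string of JavaScript: keep it a fixed constant.
  const args = [dn, regToken, authenticator, escrowCert, "onCrmfDone();"];
  const plan = [];
  for (const k of keys) {
    const keyUsage = KEY_USAGE.get(k.alg);
    if (!keyUsage) throw new Error("unsupported keyGenAlg: " + k.alg);
    if (!Number.isInteger(k.bits) || k.bits <= 0) throw new Error("bad keySize for " + k.alg);
    args.push(k.bits, null, k.alg); // keyParams is currently ignored by the client
    // Only key exchange keys are escrowed, and only when a KRA certificate is given.
    plan.push({ alg: k.alg, keyUsage, escrowed: escrowCert !== null && k.alg === "rsa-ex" });
  }
  return { args, plan };
}

// crmfObject.request holds either the base-64 CRMF message or an error string.
function parseCrmfResult(request) {
  if (typeof request !== "string") return { ok: false, error: "unrecognizedResult" };
  const m = /^error:(invalidParameter|userCancel|internalError)(?::(.*))?$/.exec(request);
  if (m) return { ok: false, error: m[1], parameter: m[2] || null };
  const b64 = request.replace(/\s+/g, "");
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(b64) || b64.length % 4 !== 0)
    return { ok: false, error: "unrecognizedResult" };
  return { ok: true, crmfBase64: b64 };
}

// In the browser cryptoObj is window.crypto; the done code reads crmfObject.request.
function generate(cryptoObj, dn, regToken, authenticator, escrowCert, keys) {
  const { args, plan } = buildCrmfArgs(dn, regToken, authenticator, escrowCert, keys);
  return { crmfObject: cryptoObj.generateCRMFRequest(...args), plan };
}
```

Checking the result with <tt>parseCrmfResult()</tt> before posting it to the CA/RA keeps an error string from being submitted as if it were a request.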