大佬教程收集整理的这篇文章主要介绍了如何使用Javascript WebCrypto API加载PKCS#12数字证书,大佬教程大佬觉得挺不错的,现在分享给大家,也给大家做个参考。
var buffer = encode(prompt("Please enter your password")); //TODO: //implement a prompt for a pfx or cert return crypto.subtle.importKey("raw",buffer,"PBKDF2",false,usages); //TODO: //instead of imporTing it,ask for the certificate's pass to sign data //with crypto.subtle.sign
有什么建议或思路吗?
更新
这是我一直在工作的代码
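<script src="forge.min.js"></script>
<script>
  var errorsReportedByVerifier;
  errorsReportedByVerifier = checkStorage() && checkBrowserAPIs();
  if (!errorsReportedByVerifier) {
    console.log("adding click event");
    document.getElementById('btnPfx').addEventListener('click', handlePFXFile, false);
    storeVariables();
    getVariables();
  }

  /**
   * Click handler for the "btnPfx" button: obtains the PKCS#12 container
   * referenced by the "pfx" element as a binary (DER) string.
   *
   * The first version of this handler called
   * forge.util.decode64(document.getElementById('pfx').valueOf()).
   * valueOf() on a DOM element returns the element itself, not its text, so
   * forge failed when it tried to call replace() on it (the error reported at
   * forge.min.js line 1, column 17823).
   *
   * @param {Event} evnt - the click event (not used).
   */
  function handlePFXFile(evnt) {
    console.log("handling pfx");
    var input = document.getElementById('pfx');

    // Next steps once the DER bytes are available.
    function onPkcs12Der(p12Der) {
      // NOTE(review): ask the user for the passphrase at run time instead of
      // hard-coding it in the page source.
      //var pkcs12Asn1 = forge.asn1.fromDer(p12Der);
      //var pkcs12 = forge.pkcs12.pkcs12FromAsn1(pkcs12Asn1,'pss');
      console.log("pkcs12");
    }

    if (input.files && input.files.length > 0) {
      // <input type="file">: the container is binary, so read it as an
      // ArrayBuffer and turn it into the binary string forge works with.
      var reader = new FileReader();
      reader.onload = function (e) {
        var bytes = new Uint8Array(e.target.result);
        var p12Der = '';
        for (var i = 0; i < bytes.length; i++) {
          p12Der += String.fromCharCode(bytes[i]);
        }
        onPkcs12Der(p12Der);
      };
      reader.onerror = function () {
        console.log("could not read the selected file");
      };
      reader.readAsArrayBuffer(input.files[0]);
    } else {
      // Text field: presumably holds the container as Base64 text, so decode
      // its string value (not the element) -- TODO confirm the field type.
      onPkcs12Der(forge.util.decode64(input.value));
    }
  }
</script>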
读取PKCS#12证书
PKCS#12文件以DER编码存储,因此首先从文件中读取它,或者使用预先保存的base64字符串
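// Reading certificate from a 'file' form field.
// `file` is the File object chosen by the user (e.g. fileInput.files[0]).
var reader = new FileReader();
reader.onload = function (e) {
  var contents = e.target.result;
  var pkcs12Der = arrayBufferToString(contents);
  var pkcs12B64 = forge.util.encode64(pkcs12Der);
  // do something else...
  // These values contain the (still passphrase-protected) private key:
  // keep them in memory only and do not log or persist them.
};
reader.onerror = function () {
  console.log("could not read the PKCS#12 file");
};
reader.readAsArrayBuffer(file);

/**
 * Convert an ArrayBuffer into a "binary string" in which every character
 * code is one byte (0-255). This is the string form forge works with.
 *
 * @param {ArrayBuffer} buffer - raw bytes.
 * @returns {string} one character per input byte.
 */
function arrayBufferToString(buffer) {
  var binary = '';
  var bytes = new Uint8Array(buffer);
  var len = bytes.byteLength;
  for (var i = 0; i < len; i++) {
    binary += String.fromCharCode(bytes[i]);
  }
  return binary;
}

// Alternative input: the p12 certificate is already stored in Base64 format
// (pkcs12B64 is then a string supplied by the caller, not the local above).
var pkcs12Der = forge.util.decode64(pkcs12B64);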
使用forge解密PKCS#12并提取私钥
然后将DER格式解码为ASN.1,并让forge解析其内容
// Parse the DER bytes (a binary string) into forge's ASN.1 object tree.
var pkcs12Asn1 = forge.asn1.fromDer(pkcs12Der);
// Open the PKCS#12 container with its passphrase. `password` is expected to
// come from the user at the point of use; forge is expected to throw here if
// the passphrase does not match -- wrap the call in try/catch where that
// needs to be reported to the user.
var pkcs12 = forge.pkcs12.pkcs12FromAsn1(pkcs12Asn1,password);
然后从pkcs12中获取所需证书对应的私钥(参见forge文档),并转换为PKCS#8,以便通过webcrypto导入
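// Private key found while walking the safe bags; stays null when the
// container holds none. Declared here so it is not an implicit global.
var privateKey = null;

// load keypair and cert chain from safe content(s)
for (var sci = 0; sci < pkcs12.safeContents.length; ++sci) {
  var safeContents = pkcs12.safeContents[sci];
  for (var sbi = 0; sbi < safeContents.safeBags.length; ++sbi) {
    var safeBag = safeContents.safeBags[sbi];
    // this bag has a private key
    if (safeBag.type === forge.pki.oids.keyBag) {
      // Found plain private key
      privateKey = safeBag.key;
    } else if (safeBag.type === forge.pki.oids.pkcs8ShroudedKeyBag) {
      // found encrypted private key (read through the same `key` property)
      privateKey = safeBag.key;
    } else if (safeBag.type === forge.pki.oids.certBag) {
      // this bag has a certificate...
    }
  }
}

// If several key bags are present the last one wins. The key is now held in
// clear in page memory: do not log it or write it to storage.
// NOTE(review): safeBag.key may be empty for key types forge cannot decode;
// check privateKey before converting it -- TODO confirm against forge docs.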
转换为PKCS#8
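/**
 * Serialize a forge RSA private key as PKCS#8 (PrivateKeyInfo) DER, the
 * format crypto.subtle.importKey('pkcs8', ...) takes.
 *
 * The returned buffer is the unencrypted private key: hand it straight to
 * importKey and do not store or transmit it.
 *
 * @param {Object} privateKey - forge RSA private key object.
 * @returns {ArrayBuffer} DER-encoded PrivateKeyInfo.
 */
function _privateKeyToPkcs8(privateKey) {
  var rsaPrivateKey = forge.pki.privateKeyToAsn1(privateKey);
  var privateKeyInfo = forge.pki.wrapRsaPrivateKey(rsaPrivateKey);
  var privateKeyInfoDer = forge.asn1.toDer(privateKeyInfo).getBytes();
  var privateKeyInfoDerBuff = StringToArrayBuffer(privateKeyInfoDer);
  return privateKeyInfoDerBuff;
}

/**
 * Convert a binary string (one character per byte) into an ArrayBuffer.
 *
 * @param {string} data - binary string; each char code is stored in a
 *   Uint8Array, so only its low 8 bits are kept.
 * @returns {ArrayBuffer} buffer with data.length bytes.
 */
function StringToArrayBuffer(data) {
  var arrBuff = new ArrayBuffer(data.length);
  var writer = new Uint8Array(arrBuff);
  for (var i = 0, len = data.length; i < len; i++) {
    writer[i] = data.charCodeAt(i);
  }
  return arrBuff;
}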
在Webcrypto中导入密钥
最后导入webcrypto的密钥
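/**
 * Import a forge RSA private key into WebCrypto as a signing key.
 *
 * @param {Object} privateKey - forge RSA private key object.
 * @param {boolean} extractable - whether the resulting CryptoKey may later
 *   be exported. Pass false unless export is really needed, so page script
 *   cannot read the key back out of WebCrypto.
 * @returns {Promise<CryptoKey>} resolves with a key usable for "sign" only.
 */
function _importCryptoKeyPkcs8(privateKey, extractable) {
  var privateKeyInfoDerBuff = _privateKeyToPkcs8(privateKey);
  // Import the key into WebCrypto. The hash chosen here (SHA-256) is the one
  // crypto.subtle.sign will apply to the data it is given.
  return crypto.subtle.importKey(
    'pkcs8',
    privateKeyInfoDerBuff,
    { name: "RSASSA-PKCS1-v1_5", hash: { name: "SHA-256" } },
    extractable,
    ["sign"]
  );
}

_importCryptoKeyPkcs8(entry.privateKey, extractable)
  .then(function (cryptoKey) {
    // your cryptokey is here!!!
  })
  .catch(function (err) {
    // Report the failure only; never log the key material itself.
    console.log("importing the private key failed: " + err);
  });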
电子签名
使用从上述方法返回的导入的cryptoKey,您可以使用webcrypto进行签名.
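// Decode the Base64 input into the bytes that will be signed.
var digestToSign = forge.util.decode64(digestToSignB64);
var digestToSignBuf = StringToArrayBuffer(digestToSign);
// Base64 signature, filled in when the promise below resolves.
var signatureB64;

// NOTE(review): with RSASSA-PKCS1-v1_5, crypto.subtle.sign hashes its input
// itself, using the hash fixed when the key was imported (SHA-256 in the
// import step on this page). If digestToSign is already a hash value, the
// signature covers the hash of that hash -- confirm this is what the
// verifier expects, or pass the original data to be signed instead.
crypto.subtle.sign({ name: "RSASSA-PKCS1-v1_5" }, cryptoKey, digestToSignBuf)
  .then(function (signature) {
    signatureB64 = forge.util.encode64(arrayBufferToString(signature));
  })
  .catch(function (err) {
    console.log("signing failed: " + err);
  });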
我在示例中包含了base64的编解码,因为这些数据转换并不简单
PKCS#12中还可以包含证书链;如果您需要构建像AdES这样的高级签名格式,可以一并取出使用