Alternatives to HTML's deprecated for client certs?

Question

The keygen tag is used to make browsers generate private keys and POST the resulting CSR to the server, which can then issue a certificate. It's now been deprecated, for rather stupid reasons but that's besides the point.

So, what are the alternatives for a browser to obtain a client cert?

afaik it will not be deprecated https://lists.w3.org/Archives/Public/public-web-security/2015Sep/0006.html — Daniel Ruf, Nov 24 '15 at 19:00
@DanielRuf then why is does it say "deprecated" on the MDN page? — André Borie, Dec 03 '15 at 15:18
@AndréBorie Is is marked as deprecated but still exists in browsers, they have to find alternatives before they deprecate and remove it in browsers. Did you read the answer here? https://lists.w3.org/Archives/Public/public-web-security/2015Sep/0006.html "Though some browsers may still support it, it is in the process of being dropped" This takes a while until the browser vendors do this step. — Daniel Ruf, Dec 03 '15 at 15:21
[Web Authentication](https://w3c.github.io/webauthn/) -> *"An API for accessing Public Key Credentials"* is now the new standard for this deprecated html element ... Also read https://webauthn.guide/ to learn more... i believe the browser support are the modern Firefox, Edge and Google chrome and thats about it.. — Raymond Nijland, Oct 04 '19 at 15:26
@RaymondNijland The words CSR or Certificate Signing Request do not occur in the Web Authenticate draft. It is not obvious how this is an alternative to keygen: keygen was simple, the Web Authentication document is monstrous. — ceving, Mar 02 '20 at 08:31

score 10 · Accepted Answer · edited Jun 16 '20 at 09:49

10

In this post in the chromium forum there are alternatives mentioned

Within the browser space, alternatives exist such as:

Use the device's native management capabilities if an enterprise use case. On Windows, this is Group Policy. On iOS/Android, this is the mobile device management suites. On OS X, this is Enterprise settings. On ChromeOS, there is chrome.enterprise.platformKeys [11] for enterprise-managed extensions.

Use WebCrypto to implement certificate enrollment, then deliver the certificate and (exported) private key in an appropriate format for the platform (such as PKCS#7) and allow the native OS UI to guide users through installation of certificates and keys.

WebCrypto is supported by many browsers: [link]

And you can use openpgp.js and other solutions. [openpgp.js]

Here are some examples.

You can also generate a CSR: https://www.w3.org/community/webcryptoapi/draft/#generatecertrequest-method

Some library for generating CSRs: https://pkijs.org/

Here is an example with PKIjs for generating selfsigned X509 certs + the keypairs:

https://github.com/infotechinc/create-x509-certificate

The generateKey() function creates keypairs.

https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#SubtleCrypto-method-generateKey

edited Jun 16 '20 at 09:49

Community

1

answered Dec 03 '15 at 15:29

Daniel Ruf

1,682
14
18

Do you have an example of implementing the functionality of using WebCrypto ? As far as OpenPGP.js goes, it's definitely not what I'm looking for. – André Borie Dec 03 '15 at 15:35
@MikeOunsworth thanks for the hint and formatting my answer. The API specification mentions the functions for generating a CSR and I linked also a library for generating CSR using WebCrypto. – Daniel Ruf Dec 03 '15 at 17:05
I know. You just can generate a CSR with WebCrypto but you have to submit it manually. And a private key is required. There are other tools for clients to submit a CSR. OpenSSL implementations (serverside) can parse the CSR and create the final certificate. – Daniel Ruf Dec 03 '15 at 17:26
Where do you read this? I just see this question: "So, what are the alternatives for a browser to obtain a client cert?" – Daniel Ruf Dec 03 '15 at 17:31
The examples from GitHub show how a keypair can be generated. And tere is generateKey(). So what is missing? The question is not quite clear. – Daniel Ruf Dec 03 '15 at 17:41
Ah, there is a `generateKey()`. Perfect. That's the piece that was missing! Thanks! – Mike Ounsworth Dec 03 '15 at 18:19
I'm confused how one would interact with the native OS UI via a website rendered in a browser. Is there an API for this or do users have to do that manually? – B T Apr 05 '16 at 23:42
Do you mean WebCrypto? This is the new official API for browser implementations. – Daniel Ruf Apr 10 '16 at 15:39
Moving private key over the net is never an alternative to a CSR. – ceving May 03 '19 at 10:00
This answer is outdated now but still worth the voteup as this can be a valid backup where browser does not support [Web Authentication](https://w3c.github.io/webauthn/) -> *"An API for accessing Public Key Credentials"* which now the new standard for this deprecated html element ... Also read https://webauthn.guide/ to learn more i believe the browser support are the modern Firefox, Edge and Google chrome and thats about it.. – Raymond Nijland Oct 04 '19 at 15:25
1

@RaymondNijland It is not a technical problem to transfer a private key. It is a security problem. The certificate signing request has been invented to keep the private key private. If you send the private key over the net, it is not private any more. – ceving Oct 06 '19 at 13:17
seams i was not clear in mine old (deleted) comment @ceving You should not indeed not send the private key which is used to sign all client certificates, i was talking about transporting the clients own (generated) private key/public key, that should be fine to be transported on a SSL channel (https) from the server to a client or the other way around .. Anyhow from what i understand those libraries also support CRS (certificate signing request) . – Raymond Nijland Oct 06 '19 at 14:30

score 5 · Answer 2 · edited Dec 15 '16 at 16:48

The WebCrypto API is currently not an alternative for the keygen tag, as confirmed by the WebCrypto API spec:

This API, while allowing applications to generate, retrieve, and manipulate keying material, does not specifically address the provisioning of keys in particular types of key storage, such as secure elements or smart cards. This is due to such provisioning operations often being burdened with vendor-specific details that make defining a vendor-agnostic interface an unsuitably unbounded task. Additionally, this API does not deal with or address the discovery of cryptographic modules, as such concepts are dependent upon the underlying user agent and are not concepts that are portable between common operating systems, cryptographic libraries, and implementations.

score 3 · Answer 3 · answered Mar 02 '20 at 01:50

3

In case you already have a <keygen>-based setup and want to keep using it, I created a project which attempts to implement a JavaScript polyfill for <keygen>:

https://github.com/CyberShadow/keygen.js

answered Mar 02 '20 at 01:50

Vladimir Panteleev

191
6

Can this generate a private key/CSR, and hold it for pairing from a trusted CA (like Keygen used to)? I'm trying desperately to avoid a standalone utility to generate authenticode certificate requests but so far, I've fallen short. I took a quick glance at what you were doing there and it appears the answer to my question is 'no', but I thought I'd ask just the same. – Mitchell V Jul 29 '21 at 00:42
This implementation expects that the form that the `` is on will return a certificate. – Vladimir Panteleev Jul 29 '21 at 06:35

score 1 · Answer 4 · answered Apr 13 '17 at 19:59

1

At this point (April 2017) I had to create a native app. Only FireFox works with the keygen tag, and, no matter what javascript library you may find you will not be able to import the certificate to Windows so it can be used from Chrome, for example.

answered Apr 13 '17 at 19:59

Michael Chourdakis

111
3

score 0 · Answer 5 · answered Apr 05 '16 at 05:54

I just wrote a web-based client certificate utility that is entirely cross browser (does require modern browsers tho). It allows users to do single-password authentication and single-click auth. Your keys get encrypted with your single password, so you're a bit safer than <keygen> keys (since those aren't password protected). Users will eventually be able to create and use multiple identities that can be different for different websites, or even switched between for the same site. Also, its controlled entirely through javascript, so you can auth someone whenever you want, not just before page-load.

Check it out here: https://github.com/webkey-auth/webkey-auth.github.io

Well your solution also uses the WebCrypto API. The question was about official alternatives for keygen and the W3C docs mention WebCrypto for this purpose. How it is implemented is another thing. — Daniel Ruf, Apr 10 '16 at 15:45

score 0 · Answer 6 · answered May 03 '19 at 10:35

0

This summarizes the current situation quite good:

KEYGEN works in Firefox, and Mozilla have committed to supporting it, but Chrome contentiously removed it without a suitable replacement.

answered May 03 '19 at 10:35

ceving

462
2
7

1

It is now gone in Firefox too. – Vladimir Panteleev Mar 02 '20 at 01:50
@VladimirPanteleev This is really bad news. I hate to be forced to migrate to something not existing. – ceving Mar 02 '20 at 08:32
I agree. We ended up writing a polyfill in JavaScript (see my answer) because it was less work than switching all our services and migrating all our users to another authentication scheme. – Vladimir Panteleev Mar 02 '20 at 16:24

Alternatives to HTML's deprecated for client certs?

6 Answers6

Linked