How to create signed PKCS#7 message with javascript?

<p>I'm trying to create a signed PKCS#7 message for a PKCS#10 certificate request on the client side with javascript.</p>

<p>There are good examples on PKCS#10: <a href="http://blogs.msdn.com/b/alejacma/archive/2009/01/28/how-to-create-a-certificate-request-with-certenroll-javascript.aspx" rel="nofollow">http://blogs.msdn.com/b/alejacma/archive/2009/01/28/how-to-create-a-certificate-request-with-certenroll-javascript.aspx</a></p>

<p>But I need to create PKCS#7 and cannot figure out how to do it. There is a lack of examples (actually none at all) in the official documentation for CertEnroll: <a href="http://msdn.microsoft.com/en-us/library/windows/desktop/aa374850(v=vs.85).aspx" rel="nofollow">http://msdn.microsoft.com/en-us/library/windows/desktop/aa374850(v=vs.85).aspx</a></p>

<p>I've ended up with this code:</p>

<pre class="lang-js prettyprint-override"><code>var XCN_CRYPT_STRING_BASE64REQUESTHEADER = 3;
var XCN_CERT_NAME_STR_NONE = 0;

var _certEnrollClassFactory = new ActiveXObject("X509Enrollment.CX509EnrollmentWebClassFactory");

ComposePKCS10Request: function (containerName, subject) {
    // PKCS #10 certificate request
    var objRequest = _certEnrollClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");

    var objCSP = _certEnrollClassFactory.CreateObject("X509Enrollment.CCspInformation");
    var objCSPs = _certEnrollClassFactory.CreateObject("X509Enrollment.CCspInformations");

    // Initialize the csp object using the desired Cryptographic Service Provider (CSP)
    objCSP.InitializeFromName("Microsoft Enhanced Cryptographic Provider v1.0");

    // Add this CSP object to the CSP collection object
    objCSPs.Add(objCSP);

    // asymmetric private key that can be used for encryption, signing, and key agreement.
    var objPrivateKey = _certEnrollClassFactory.CreateObject("X509Enrollment.CX509PrivateKey");

    // Provide key container name, key length and key spec to the private key object
    objPrivateKey.ContainerName = containerName;
    //objPrivateKey.Length = 1024;
    objPrivateKey.KeySpec = 1; // AT_KEYEXCHANGE = 1

    // Provide the CSP collection object (in this case containing only 1 CSP object)
    // to the private key object
    objPrivateKey.CspInformations = objCSPs;

    // Initialize P10 based on private key
    objRequest.InitializeFromPrivateKey(1, objPrivateKey, ""); // context user = 1

    // X.500 distinguished name (DN)
    // The DN consists of a sequence of relative distinguished names (RDNs). Each RDN consists of a set of attributes,
    // and each attribute consists of an object identifier (OID) and a value. The data type of the value is identified
    // by the DirectoryString structure.
    var objDn = _certEnrollClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName");

    // DN related stuff
    objDn.Encode(subject, XCN_CERT_NAME_STR_NONE);
    objRequest.Subject = objDn;

    return objRequest;
}

CreatePKCS7: function (containerName, subject) {
    // PKCS #7 certificate request
    var objPKCS7Request = _certEnrollClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs7");

    // initialize PKCS #7 certificate request by PKCS #10 certificate request
    objPKCS7Request.InitializeFromInnerRequest(this.ComposePKCS10Request(containerName, subject));

    var objSignerCert = _certEnrollClassFactory.CreateObject("X509Enrollment.CSignerCertificate");

    var verifyType = 4;     /* VerifyAllowUI, see typedef enum X509PrivateKeyVerify */
    var encodingType = 0x3; /* see typedef enum EncodingType */

    /**********************************************************************/
    /* I have to provide certificate here??? How can I obtain it from UI? */
    /**********************************************************************/
    var strCertificate = '?????????????????????';

    objSignerCert.Initialize(false, verifyType, encodingType, strCertificate);

    /*****************************************************************************/
    /* Also I'm not sure that SignerCertificate can be accessed via javascript.  */
    /*****************************************************************************/
    objPKCS7Request.SignerCertificate = objSignerCert;

    // represents the top level object and enables you to enroll in a certificate hierarchy and install a certificate response
    var objEnroll = _certEnrollClassFactory.CreateObject("X509Enrollment.CX509Enrollment");

    // Enroll
    objEnroll.InitializeFromRequest(objPKCS7Request);

    var pkcs7;
    try {
        pkcs7 = objEnroll.CreateRequest(XCN_CRYPT_STRING_BASE64REQUESTHEADER);
    } catch (e) {
        // ...
    }

    return pkcs7;
}
</code></pre>

<p>Is there any way to create a PKCS#7 message with javascript?</p>

<p>UPDATE: I already have the PKCS#10 cert request (see the first function in the code sample) and need to create a PKCS#7 signed message for it. OK, let me rephrase my question: how to create a signed PKCS#7 message with javascript? (Ideally, it should allow specifying the proper cert with a UI.)</p>

<p>As for javascript, I understand that it's not the most convenient way, but it is suitable because I must deal with it on the client side (in the browser). Moreover, the CertEnroll IX509CertificateRequestPkcs7 interface has methods marked as [WebEnabled], so I believe there must be a way to do what I state.</p>
 
