In some sections of the application I get the message:
Warning: This version of Firefox no longer supports the crypto web object used to generate and archive keys from the browser. As a result expect limited functionality in this area.
Doing a little research I found this information: https://www.redhat.com/archives/pki-users/2015-September/msg00012.html
It means that Firefox's API changed. The old, custom keygen / crypto API was deprecated for a long time, then removed, but the new, standardised Web Crypto API is not supported by Dogtag yet.
Hope that clarifies the situation for you.
-Fraser Tweedale-
It was reported on Mon, Sep 07, 2015 at 03:03:03PM +0300 by Aleksey Chudov.
That was a little more than a year ago, so my question is as follows: do you have plans to migrate to the Web Cryptography API? You could take a look at the PKI.js project, which has made great strides in this area:
https://github.com/PeculiarVentures/PKI.js
PKIjs is a pure JavaScript library implementing the formats that are used in PKI applications. It is built on WebCrypto (Web Cryptography API) and aspires to make it possible to build native web applications that utilize X.509 and the related formats on the web without plug-ins.

Features of the library
- First and ONLY (April 2015) open-source JS library with full support for all "Suite B" algorithms in CMS messages;
- First library with support for CMS Enveloped data (encrypt/decrypt) in pure JavaScript + Web Cryptography API;
- Fully object-oriented library. Inheritance is used everywhere inside the lib;
- Working with HTML5 data objects (ArrayBuffer, Uint8Array, Promises, Web Cryptography API, etc.);
- Has a complete set of helpers for working with types like:
  - GeneralName;
  - RelativeDistinguishedName;
  - Time;
  - AlgorithmIdentifier;
  - All types of ASN.1 strings, including "international" like UniversalString, UTF8String and BMPString (with help from ASN1js);
  - All extension types of X.509 certificates (BasicConstraints, CertificatePolicies, AuthorityKeyIdentifier etc.);
  - All "support types" for OCSP requests and responses;
  - All "support types" for Time-Stamping Protocol (TSP) requests and responses;
- Has own certification chain verification engine, built in pure JavaScript, with help from Promises and Web Cryptography API latest standard implementation;
- Working with all Web Cryptography API signature algorithms:
  - RSASSA-PKCS1-v1_5;
  - RSA-PSS;
  - ECDSA;
- Working with all "Suite B" (and more) encryption algorithms and schemas:
  - RSASSA-OAEP + AES-KW + AES-CBC/GCM;
  - ECDH + KDF on SHA-1/256/384/512 + AES-KW + AES-CBC/GCM;
  - Pre-defined "key encryption key" + AES-KW + AES-CBC/GCM;
  - Password-based encryption for CMS with PBKDF2 on HMAC on SHA-1/256/384/512 + AES-KW + AES-CBC/GCM;
- Working with all major PKI-related types ("minor" types are not mentioned here but there are a huge number of such "minor types"):
  - X.509 certificates:
    - Parsing internal values;
    - Getting/setting any internal values;
    - Creation of a new X.509 certificate "from scratch";
    - Internal certificate chain validation engine;
  - X.509 "certificate revocation lists" (CRLs):
    - Parsing internal values;
    - Getting/setting any internal values;
    - Creation of a new CRL "from scratch";
    - Validation of CRL signature;
    - Search inside CRL for specific revoked certificate.
  - PKCS#10 certificate request:
    - Parsing internal values;
    - Getting/setting any internal values;
    - Creation of a new PKCS#10 certificate request "from scratch";
    - Validation of PKCS#10 signature;
  - OCSP request:
    - Parsing internal values;
    - Getting/setting any internal values;
    - Creation of a new OCSP request "from scratch".
  - OCSP response:
    - Parsing internal values;
    - Getting/setting any internal values;
    - Creation of a new OCSP response "from scratch";
    - Validation of OCSP response signature.
  - Time-stamping request:
    - Parsing internal values;
    - Getting/setting any internal values;
    - Creation of a new Time-stamping request "from scratch";
    - Validation of Time-stamping request signature;
  - Time-stamping response:
    - Parsing internal values;
    - Getting/setting any internal values;
    - Creation of a new Time-stamping response "from scratch";
    - Validation of Time-stamping response signature
  - CMS Signed Data:
    - Parsing internal values;
    - Getting/setting any internal values;
    - Creation of a new CMS Signed Data "from scratch";
    - Validation of CMS Signed Data signature;
  - CMS Enveloped Data:
    - Parsing internal values;
    - Getting/setting any internal values;
    - Creation (encryption) with full support for "Suite B" algorithms and more;
    - Decryption with full support for "Suite B" algorithms and more;
  - CMS Encrypted Data:
    - Parsing internal values;
    - Getting/setting any internal values;
    - Creation (encryption) with password;
    - Decryption with password;
  - PKCS#12:
    - Parsing internal values;
    - Making any kind of internal values (SafeContexts/SafeBags) with any kind of parameters;