SPKAC

SPKAC is an acronym that stands for Signed Public Key and Challenge, also known as Netscape SPKI. It is a format for sending a Certification Signing Request: it encodes a public key together with a challenge string and can be manipulated using OpenSSL. It is created using the little documented HTML keygen element inside a number of Netscape-compatible browsers.


Standardisation

There exists an ongoing effort to standardise SPKAC through an Internet Draft in the Internet Engineering Task Force (IETF). The purpose of this work has been to formally define what has existed prior as a de facto standard, and to address security deficiencies, particularly with respect to the historic insecure use of MD5, which has since been declared unsafe for use with digital signatures as per RFC 6151.
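As an added example that is not part of the original article, the following Python decodes an SPKAC blob with a minimal DER walker and applies the two checks a CA front-end would want before issuing a certificate: the challenge matches the one the server issued, and the signature algorithm is not MD5-based (the RFC 6151 concern above). The SignedPublicKeyAndChallenge layout (a sequence of PublicKeyAndChallenge, AlgorithmIdentifier and a BIT STRING signature, with PublicKeyAndChallenge being a SubjectPublicKeyInfo plus an IA5String challenge) is taken from the Netscape keygen definition; the sample blob, its placeholder RSA key and its dummy signature are constructed here and are not real browser output, and this code does not verify the signature itself (OpenSSL does that).

```python
"""Added example: decode an SPKAC and apply CA-side policy checks.

Structure (Netscape keygen definition, assumed here):
  SEQUENCE { SEQUENCE { spki SubjectPublicKeyInfo, challenge IA5String },
             signatureAlgorithm AlgorithmIdentifier, signature BIT STRING }
The sample blob is constructed with a placeholder key and a dummy signature;
signature verification is deliberately out of scope.
"""
import base64

MD5_SIG_OIDS = {"1.2.840.113549.1.1.4"}  # md5WithRSAEncryption, rejected per RFC 6151
OID_NAMES = {
    "1.2.840.113549.1.1.1": "rsaEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}


def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _children(value):
    """Split a constructed DER value into its child (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = _tlv(value, pos)
        out.append((tag, val))
    return out


def _oid(val):
    """Decode OBJECT IDENTIFIER content bytes to dotted form."""
    parts, acc = [str(val[0] // 40), str(val[0] % 40)], 0
    for b in val[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(acc))
            acc = 0
    return ".".join(parts)


def _der(tag, content):
    """Encode one DER TLV (short or long form length)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def _der_oid(dotted):
    a = [int(x) for x in dotted.split(".")]
    body = bytes([40 * a[0] + a[1]])
    for x in a[2:]:
        enc = [x & 0x7F]
        x >>= 7
        while x:
            enc.insert(0, 0x80 | (x & 0x7F))
            x >>= 7
        body += bytes(enc)
    return _der(0x06, body)


def build_sample_spkac(challenge, sig_oid):
    """Construct a syntactically valid SPKAC (placeholder key, dummy signature)."""
    rsa_key = _der(0x30, _der(0x02, b"\x00\xC3\x5F\xA1") + _der(0x02, b"\x01\x00\x01"))
    spki = _der(0x30, _der(0x30, _der_oid("1.2.840.113549.1.1.1") + b"\x05\x00")
                + _der(0x03, b"\x00" + rsa_key))
    pkac = _der(0x30, spki + _der(0x16, challenge.encode("ascii")))
    alg = _der(0x30, _der_oid(sig_oid) + b"\x05\x00")
    sig = _der(0x03, b"\x00" + b"\xAA" * 16)  # dummy signature bytes, never valid
    return base64.b64encode(_der(0x30, pkac + alg + sig)).decode()


def parse_spkac(b64):
    """Return the key algorithm, challenge and signature algorithm of an SPKAC."""
    tag, top, _ = _tlv(base64.b64decode(b64), 0)
    if tag != 0x30:
        raise ValueError("SPKAC must be a DER SEQUENCE")
    (_, pkac), (_, alg), (_, sig) = _children(top)
    (_, spki), (chal_tag, chal) = _children(pkac)
    if chal_tag != 0x16:
        raise ValueError("challenge must be an IA5String")
    key_oid = _oid(_children(_children(spki)[0][1])[0][1])
    sig_oid = _oid(_children(alg)[0][1])
    return {
        "key_algorithm": OID_NAMES.get(key_oid, key_oid),
        "challenge": chal.decode("ascii"),
        "signature_algorithm": OID_NAMES.get(sig_oid, sig_oid),
        "signature_oid": sig_oid,
        "signature_len": len(sig) - 1,  # strip the unused-bits octet
    }


def check_spkac(b64, expected_challenge):
    """Policy checks before issuance; returns a list of problems (empty means OK)."""
    info = parse_spkac(b64)
    problems = []
    if info["signature_oid"] in MD5_SIG_OIDS:
        problems.append("MD5-based signature algorithm rejected (RFC 6151)")
    if info["challenge"] != expected_challenge:
        problems.append("challenge does not match the one issued by the server")
    return problems


if __name__ == "__main__":
    nonce = "c0ffee-issued-nonce"  # constructed server-issued challenge
    print(check_spkac(build_sample_spkac(nonce, "1.2.840.113549.1.1.11"), nonce))
    print(check_spkac(build_sample_spkac(nonce, "1.2.840.113549.1.1.4"), nonce))
```

The challenge comparison is what ties the submitted key to the session that requested it; a CA that skips it accepts SPKACs replayed from anywhere, and one that accepts the MD5 OID is relying on a signature RFC 6151 says not to trust.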


Implementations

HTML5 originally specified the <keygen> element to support SPKAC in the browser, to make it easier to create client-side certificates through a web service for protocols such as WebID; however, subsequent work for HTML 5.1 placed the keygen element "at-risk", and the first public working draft of HTML 5.2 removes the keygen element entirely. The removal of the keygen element is due to non-interoperability and non-conformity from a standards perspective, in addition to security concerns. The World Wide Web Consortium (W3C) Web Authentication Working Group developed the WebAuthn (Web Authentication) API to replace the keygen element. Bouncy Castle provides a Java class. An implementation for Erlang/OTP exists too. An implementation for Python is named pyspkac. The PHP OpenSSL extension supports SPKAC natively as of version 5.6.0, and a Node.js implementation exists as well.


Deficiencies

The user interface in browsers needs to be improved to make it more obvious to users when a server is asking for a client certificate.


External links

* IETF draft: Signed Public Key and Challenge
* PHP v5.6 now supports SPKAC natively
* Native SPKAC support in PHP OpenSSL extension with release of v5.6.0-Alpha3
* Native SPKAC support in Node.js (with release of v0.11.8)
* SPKAC demo in Node.js (requires node.js release > v0.11.8)