使用 ssl 公钥/私钥进行基于 Web 的登录?

2022-01-25 00:00:00 ssl ssl-certificate security php

是否可以通过网络浏览器创建需要公钥/私钥的登录过程?公钥将存储在服务器上,而私钥将由用户保存(并加密).

Is it possible to create a login process that requires a public/private key through a web browser? The public key would be stored on the server and the private key would be kept (and encrypted) by the user.

我基本上想做一些类似于 SSH 所做的事情,但通过网络.也许是 HTTP 身份验证的自定义方法(摘要"除外).

I basically want to do something similar to what SSH does, but through the web. Perhaps a custom method of HTTP Authentication (other than "Digest").

我知道使用普通浏览器可能无法做到这一点,因此可以接受扩展来完成这项工作(Chrome/Firefox).

I know that it may not be possible to do this with a stock browser, so extensions to make this work are acceptable (Chrome/Firefox).

理想情况下,密钥将在 USB 记忆棒上加密.当 U 盘拔出时必须无法登录(不希望浏览器缓存它).

The keys would ideally be encrypted on a USB Stick. When the USB stick is unplugged in has to be impossible to login (don't want the browser to cache it).

这将在内部使用.

客户端证书将是我正在寻找的,但我如何将这些证书存储在 U 盘上?另外,是否有关于如何使用 PHP 对用户进行身份验证的信息?

Client certificates would be what I'm looking for, but how do I store these certificates on a USB stick? Also, is there information on how to authenticate a user using PHP?

推荐答案

这是通过证书的客户端身份验证.
您的服务器应配置为需要客户端证书,并且还应配置信任库.
所有的浏览器都支持这个.
您只需将具有私钥和证书的客户端密钥库导入到机器证书集.
对于 Windows,它位于 Internet 选项中

This is Client authentication via certificates.
Your server should be configured to require a client certificate and also be configured with a truststore.
All the browsers support this.
You just have to import the client keystore having the private key and certificate to the machines set of certificates.
For windows it is in internet options

相关文章