如何使用 JavaScript 或 jQuery 获取证书列表?

2022-01-25 00:00:00 certificate jquery javascript npapi

We are using Applet previously to get Key Store Certificates installed in client's machine. Now as chrome stops NPAPI, Applet is not working now, so finding some solution using Javascript / jQuery.

I am trying to get the total Certificate List for installs in KeyStore, but I can't find any solutions. Does any one know how to get the full Certificate List using JavaScript or jQuery?

解决方案

You cannot do that with JavaScript running in the client.

See the following entry of the WebCrypto mailing list:

On Wed, Jun 24, 2015 at 1:50 PM, Jeffrey Walton wrote:

I see the WebCrypto API will allow discovery of keys (http://www.w3.org/TR/WebCryptoAPI/):

In addition to operations such as signature generation and verification, hashing and verification, and encryption and decryption, the API provides interfaces for key generation, key derivation, key import and export, and key discovery.

Certificates have public keys, and they are not as sensitive as private keys.

Will the WebCrypto API allow discovery/enumeration of certificates?

Examples of what I would like to discover or enumerate (in addition to the private keys):

  • Trusted roots
  • Client certs

Trusted Roots are in the platform's trust store. Client certs may be in the trust store.

Thanks in advance, Jeff

There are no plans from Chrome to implement such, on the hopefully obvious and significant privacy grounds.

Client certs contain PII. Trusted certs contain PII and fingerprinting.

In modern, sandboxed operating systems, such as iOS and Android, applications cannot enumerate either, as those platform providers reached the same conclusion.

So no. Never.1

1 For some really long value of never

相关文章