How to generate a p12 with javascript generated key pair and server side internal CA

I’m working on a client-certificate based authentication of users for a website.
The server configuration part is OK
(Apache server, keywords: SSLCACertificateFile / SSLVerifyDepth / SSLVerifyClient optional)
The server code part is OK too…

Passkeys WebAuthN PRF extension to encrypt/decrypt private key of non-custodial wallet

We’re wanting to support out-of-the-box digital currency wallets for users of our web app.
We have passkeys / webauthn working and would ideally like to associate these credentials with wallet access.
Wallets should be self custodial with…

How does `crypto.getRandomValues` work in JavaScript, and how is it different from `Math.random`?

I’ve been obsessed with figuring out Math.random in JavaScript and how it works. Because how could you imagine a computer picking a random number? Where does the number come from?
But now I realized crypto.getRandomValues does not use rand…

X.509 certificate’s signature algorithm vs. algorithm used in key derived from it to verify a signature

I have the following from Google’s public certs for verifying JWT ID
-----BEGIN CERTIFICATE-----
MIIDHDCCAgSgAwIBAgIIW4K0b18ff70wDQYJKoZIhvcNAQEFBQAwMTEvMC0GA1UE
AxMmc2VjdXJldG9rZW4uc3lzdGVtLmdzZXJ2aWNlYWNjb3VudC5jb20wHhcNMjEx
MDIzMDkyMDI1…

SubtleCrypto with non-extractable keys stored in IndexedDB – Cross Origin Usage

In a browser I want to use SubtleCrypto (https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto) to create a key pair and store it locally in the IndexedDB (https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API).
Storing th…

ECDH for P-521 (Web Crypto Api) / secp521r1 (NodeJS Crypto) generate a slightly different shared secret

I have generated a public and private key pair with ECDH from NodeJS
function _genPrivateKey(curveName = "secp384r1", encoding = "hex") {
const private_0 = crypto.createECDH(curveName);
private_0.generateKeys();…