chrome.platformKeys
Description: Use the chrome.platformKeys API to access client certificates managed by the platform. If the user or policy grants the permission, an extension can use such a certificate in its custom authentication protocol. For example, this allows the use of platform-managed certificates in third-party VPNs (see chrome.vpnProvider).
Availability: Since Chrome 45.
Permissions: "platformKeys"
Important: This API works only on Chrome OS.
Summary
Types |
---|
Match |

Methods | |
---|---|
selectClientCertificates | chrome.platformKeys.selectClientCertificates(object details, function callback) |
getKeyPair | chrome.platformKeys.getKeyPair(ArrayBuffer certificate, object parameters, function callback) |
getKeyPairBySpki | chrome.platformKeys.getKeyPairBySpki(ArrayBuffer publicKeySpkiDer, object parameters, function callback) |
subtleCrypto | object chrome.platformKeys.subtleCrypto() |
verifyTLSServerCertificate | chrome.platformKeys.verifyTLSServerCertificate(object details, function callback) |
Types
Match
properties | | |
---|---|---|
ArrayBuffer | certificate | The DER encoding of an X.509 certificate. |
object | keyAlgorithm | The KeyAlgorithm of the certified key. This contains algorithm parameters that are inherent to the key of the certificate (e.g. the key length). Other parameters like the hash function used by the sign function are not included. |
Methods
selectClientCertificates
chrome.platformKeys.selectClientCertificates(object details, function callback)
This function filters from a list of client certificates the ones that are known to the platform, match request, and for which the extension has permission to access the certificate and its private key. If interactive is true, the user is presented with a dialog where they can select from matching certificates and grant the extension access to the certificate. The selected/filtered client certificates will be passed to callback.
Parameters | | |
---|---|---|
object | details | |
function | callback | The callback parameter should be a function that looks like this: function(array of Match matches) {...}; |
getKeyPair
chrome.platformKeys.getKeyPair(ArrayBuffer certificate, object parameters, function callback)
Passes the key pair of certificate for usage with platformKeys.subtleCrypto to callback.
Parameters | | |
---|---|---|
ArrayBuffer | certificate | The certificate of a Match returned by selectClientCertificates. |
object | parameters | Determines signature/hash algorithm parameters in addition to the parameters fixed by the key itself. The same parameters are accepted as by WebCrypto's importKey function, e.g. Currently, this function only supports the "RSASSA-PKCS1-v1_5" and "ECDSA" algorithms. |
function | callback | The public and private CryptoKey of a certificate which can only be used with platformKeys.subtleCrypto. The callback parameter should be a function that looks like this: function(object publicKey, object privateKey) {...}; |
getKeyPairBySpki
chrome.platformKeys.getKeyPairBySpki(ArrayBuffer publicKeySpkiDer, object parameters, function callback)
Since Chrome 85. Warning: this is the current Beta channel.
Passes the key pair identified by publicKeySpkiDer for usage with platformKeys.subtleCrypto to callback.
Parameters | | |
---|---|---|
ArrayBuffer | publicKeySpkiDer | A DER-encoded X.509 SubjectPublicKeyInfo, obtained e.g. by calling WebCrypto's exportKey function with format="spki". |
object | parameters | Provides signature and hash algorithm parameters, in addition to those fixed by the key itself. The same parameters are accepted as by WebCrypto's importKey function, e.g. Currently, this function only supports the "RSASSA-PKCS1-v1_5" algorithm with one of the hashing algorithms "none", "SHA-1", "SHA-256", "SHA-384", and "SHA-512". |
function | callback | The public and private CryptoKey of a certificate which can only be used with platformKeys.subtleCrypto. The callback parameter should be a function that looks like this: function(object publicKey, object privateKey) {...}; |
subtleCrypto
object chrome.platformKeys.subtleCrypto()
An implementation of WebCrypto's SubtleCrypto that allows crypto operations on keys of client certificates that are available to this extension.
Returns
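The three methods above chain into one flow: select a certificate the extension may use, fetch its key pair, and sign with platformKeys.subtleCrypto. The following is an added example, not code from the Chrome documentation; signWithClientCert, lastError, the api parameter and the issuersDer argument are hypothetical names, and the request.certificateTypes and request.certificateAuthorities fields are assumed from the API schema because this page does not list them.

```javascript
// Added example. `api` stands for chrome.platformKeys; it is passed in so the
// flow can also be exercised against a stub outside Chrome OS.
function lastError() {
  // chrome.runtime.lastError is set when a callback-style extension call fails.
  return (typeof chrome !== 'undefined' && chrome.runtime && chrome.runtime.lastError) || null;
}

function signWithClientCert(api, issuersDer, challenge, done) {
  const details = {
    // Field names under `request` are assumed from the API schema (not on this page).
    request: { certificateTypes: ['rsaSign'], certificateAuthorities: issuersDer },
    interactive: true, // the user picks a certificate and grants access to it
  };
  api.selectClientCertificates(details, (matches) => {
    if (lastError() || !matches || matches.length === 0) {
      return done(new Error('no client certificate available to this extension'));
    }
    const match = matches[0];
    // keyAlgorithm carries only key-inherent parameters; the hash is chosen here.
    const params = { name: 'RSASSA-PKCS1-v1_5', hash: { name: 'SHA-256' } };
    if (match.keyAlgorithm.name !== params.name) {
      return done(new Error('unsupported key algorithm: ' + match.keyAlgorithm.name));
    }
    api.getKeyPair(match.certificate, params, (publicKey, privateKey) => {
      if (lastError() || !privateKey) {
        return done(new Error('key pair not accessible'));
      }
      // Keys from getKeyPair only work with platformKeys.subtleCrypto(),
      // so the signature is requested there and not from window.crypto.subtle.
      api.subtleCrypto().sign({ name: params.name }, privateKey, challenge).then(
        (signature) => done(null, { certificate: match.certificate, signature }),
        (err) => done(err)
      );
    });
  });
}
```

The function refuses to continue when no certificate is granted or when the certified key is not an RSASSA-PKCS1-v1_5 key, so a caller never sends an unsigned or wrongly signed challenge.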
verifyTLSServerCertificate
chrome.platformKeys.verifyTLSServerCertificate(object details, function callback)
Checks whether details.serverCertificateChain can be trusted for details.hostname according to the trust settings of the platform. Note: The actual behavior of the trust verification is not fully specified and might change in the future. The API implementation verifies certificate expiration, validates the certification path and checks trust by a known CA. The implementation is supposed to respect the EKU serverAuth and to support subject alternative names.
Parameters | | |
---|---|---|
object | details | |
function | callback | The callback parameter should be a function that looks like this: function(object result) {...}; |