This feature is non-standard and is not on a standards track. Do not use it on production sites facing the Web: it will not work for every user. There may also be large incompatibilities between implementations and the behavior may change in the future.
This feature has been removed from the Web standards. Though some browsers may still support it, it is in the process of being dropped. Avoid using it and update existing code if possible; see the compatibility table at the bottom of this page to guide your decision. Be aware that this feature may cease to work at any time.
Warning: The features mentioned in this article are deleted proprietary Mozilla extensions, and are not supported in any other browser. They won't work in Firefox 34 or later. Use <keygen> or the future Web Crypto API instead.
crmfObject = crypto.generateCRMFRequest("requestedDN", "regToken", "authenticator", "escrowAuthorityCert", "CRMF Generation Done Code", keySize1, "keyParams1", "keyGenAlg1", ..., keySizeN, "keyParamsN", "keyGenAlgN");
||An RFC 1485 formatted DN to include in the certificate request.|
||A value used to authenticate the user to the RA/CA.|
||A value that the user can authenticate with in the future when their private key is not available. Can be used for key recovery or revocation requests.|
||If this value is NULL, then no key escrow will be performed. This value specifies which KRA certificate should be used to wrap the private key being escrowed. The user will be prompted for confirmation whenever a key will be escrowed. Only key exchange keys will be escrowed. If a dual use key is being generated, it will not be escrowed. The value of this argument is a base-64 encoded certificate.|
||The size in bits of the Nth key to generate|
||This string is an optional algorithm dependent parameter value. For Diffie-Hellman it is used to specify p and g parameters. For DSA, it will be used to specify pqg. If the key generation requires parameters and the value passed in is NULL, then the client will generate the parameters on its own. Currently, this value is ignored.|
||Which algorithm the generated key will support. Acceptable values are (the mentioned values for keyUsage pertain to the keyUsage value of the Certificate Extension that will ultimately be in the issued certificate):
generateCRMFRequest() method will cause the user to be presented with a key generation dialog. The dialog describes the key generation process and gives the user the opportunity to cancel the operation.
"CRMF Generation Done Code" parameter should look at the attribute
request of the returned object to get the result of the CRMF generation.
The string found by accessing
crmfObject.request is the base-64 encoded CRMF message to be sent to the CA/RA, or an error string. The possible error strings are:
|"error:invalidParameter:XXX"||The parameter XXX was an invalid value.|
|"error:userCancel"||the user has canceled the key generation operation|
|"error:internalError"||the software encountered some internal error, such as out of memory|