Crypto Wiki

Template:Cleanup Template:Orphan SPKAC is an acronym that stands for Signed Public Key and Challenge, also known as Netscape SPKI

It is a format for sending a Certification Signing Request: it encodes a public key, that can be manipulated using openssl (see spkac openssl man page). It is created using the little documented HTML keygen element inside a number of Netscape compatible browser.

HTML5 has now specified the keygen element, and has more info on SPKAC

This can be very useful for making it easy to create client side certificates through a web service for protocols such as foaf+ssl.

An overview of how the keygen tag works with spkac in php.

Bouncy Castle provides a Java class to process spkac, shown in action in this simple server implementation in Java.

The user interface needs to be improved in browsers, to make it more obvious to users when a server is asking for the client certificate as explained by the heise online article.