Allow users to register a secret passcode with their account. Once they have done this, they can register a new client certificate by logging in with a certificate that uses the same CN and providing their passcode.
This requires migrating saved fingerprints from the user table into their own table to allow a one-to-many relationship between users->fingerprints.
The new table should also store basic metadata about each certificate: subject, email, expiration date, algorithm, last login, etc.
I'm looking at these libraries for hashing passwords:
This is blocked on #26
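The flow described in this issue, as an added example that is not the project's code: fingerprints move into a one-to-many table, and an unknown certificate with a matching CN is enrolled only when the passcode verifies. The table and column names, the use of SQLite, and the standard-library scrypt KDF are assumptions; the issue does not name its candidate hashing libraries.

```python
import hashlib, hmac, os, sqlite3
# Table/column names and the scrypt KDF are assumptions, not the project's schema.
SCHEMA = """
CREATE TABLE user (id INTEGER PRIMARY KEY, cn TEXT UNIQUE NOT NULL,
                   fingerprint TEXT, salt BLOB, passcode_hash BLOB);
CREATE TABLE certificate (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL REFERENCES user(id),
    fingerprint TEXT UNIQUE NOT NULL, subject TEXT, email TEXT,
    not_after TEXT, algorithm TEXT, last_login TEXT);
"""

def hash_passcode(passcode, salt):
    return hashlib.scrypt(passcode.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def migrate(db):
    # Copy each user's single saved fingerprint into the one-to-many table.
    db.execute("INSERT INTO certificate (user_id, fingerprint) "
               "SELECT id, fingerprint FROM user WHERE fingerprint IS NOT NULL")
    db.execute("UPDATE user SET fingerprint = NULL")

def set_passcode(db, user_id, passcode):
    salt = os.urandom(16)
    db.execute("UPDATE user SET salt = ?, passcode_hash = ? WHERE id = ?",
               (salt, hash_passcode(passcode, salt), user_id))

def login(db, cn, fingerprint, passcode=None):
    """Return the user id, enrolling an unknown certificate only with the passcode."""
    row = db.execute("SELECT id, salt, passcode_hash FROM user WHERE cn = ?", (cn,)).fetchone()
    if row is None:
        return None
    user_id, salt, stored = row
    known = db.execute("SELECT 1 FROM certificate WHERE user_id = ? AND fingerprint = ?",
                       (user_id, fingerprint)).fetchone()
    if not known:
        # A matching CN alone proves nothing: require a registered, matching passcode.
        if stored is None or passcode is None or not hmac.compare_digest(
                hash_passcode(passcode, salt), stored):
            return None
        db.execute("INSERT INTO certificate (user_id, fingerprint) VALUES (?, ?)",
                   (user_id, fingerprint))
    db.execute("UPDATE certificate SET last_login = datetime('now') WHERE fingerprint = ?",
               (fingerprint,))
    return user_id

def demo_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO user (cn, fingerprint) VALUES ('alice', 'fp-old')")  # constructed
    migrate(db)
    set_passcode(db, 1, "correct horse")
    return db
```

Users who never registered a passcode cannot enroll a second certificate in this sketch, so a certificate that merely reuses their CN is rejected.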