Skip to content

Browser App

dweller long gone edited this page May 22, 2026 · 2 revisions

Browser App

The browser application combines a Private Key Gadgets key tree with an embedded PkiStudioJS ASN.1 viewer.

Private Key Gadgets browser app screenshot

Key Tree

The left pane stores one or more top-level key pair items. Each key pair can contain child items for:

  • SubjectDN
  • PrivateKey
  • PublicKey
  • Certificate
  • CSR

Top-level key pair labels can be edited in the tree. Empty labels are rejected and the previous label is restored.

New, Open, and Save

The compact toolbar provides:

  • New: generate supported WebCrypto key pairs.
  • Open: import PKCS#12 files, or route other ASN.1 DER/PEM data to the viewer.
  • Save: export selected key pairs as password-protected PKCS#12 files.

The application uses the browser's native save-file picker when available and falls back to browser downloads when it is not.

Certificate Loading

Certificates can be added from the key pair menu with Load Certificate.

Supported sources include:

  • DER certificate files.
  • PEM files with a -----BEGIN CERTIFICATE----- block.
  • Clipboard PEM.
  • Clipboard HEX.

When a certificate is loaded, Private Key Gadgets checks whether its public key matches the key pair. A mismatching certificate can be accepted after confirmation, but it does not silently populate publicKeyDer.

PublicKey and Certificate are independent child objects. Adding or replacing a Certificate does not remove an existing PublicKey item.

SubjectDN

SubjectDN objects can be created from the key pair menu or copied from an existing Certificate item.

Only one SubjectDN child item is kept per key pair. Creating another SubjectDN asks for overwrite confirmation.

The embedded viewer can edit SubjectDN DER. When a SubjectDN item is selected, viewer edits are synchronized back to the tree item data.

CSR Generation

CSR generation starts from the PrivateKey item menu and requires an existing usable SubjectDN item.

The generated CSR is stored as PKCS#10 DER and displayed in the embedded ASN.1 viewer. CSR items can be copied as PEM with a CERTIFICATE REQUEST block.

Self-Signed Certificates

Self-signed certificate generation starts from the PrivateKey item menu and requires an existing SubjectDN item. The SubjectDN is used as both issuer and subject.

The application supports selectable hash algorithms, a validity span in days, and KeyUsage flags. certSign and crlSign are selected by default.

Generated certificates replace the existing Certificate child item after confirmation when one is already present.

Embedded ASN.1 Viewer

The right pane embeds the PkiStudioJS viewer.

PrivateKey, PublicKey, Certificate, and CSR items are displayed in read-only mode. SubjectDN items are editable so the viewer can update the SubjectDN DER used by CSR and certificate workflows.

The PkiStudioJS Save menu remains available for writing the currently displayed DER document to a file.

API Log

The bottom pane records browser and PKI operation activity, including key generation, PKCS#12 import/export, certificate loading, clipboard access, file-system saves, CSR creation, and self-signed certificate signing.

The newest 200 log entries are kept. Older entries are dropped automatically.

Clone this wiki locally