The keygen element

Content attributes: autofocus, challenge, disabled, form, keytype, name
```webidl
interface HTMLKeygenElement : HTMLElement {
  attribute boolean autofocus;
  attribute DOMString challenge;
  attribute boolean disabled;
  readonly attribute HTMLFormElement form;
  attribute DOMString keytype;
  attribute DOMString name;

  readonly attribute DOMString type;

  readonly attribute boolean willValidate;
  readonly attribute ValidityState validity;
  readonly attribute DOMString validationMessage;
  boolean checkValidity();
  void setCustomValidity(in DOMString error);

  readonly attribute NodeList labels;
};
```
The keygen element represents a key pair generator control. When the control's form is submitted, the private key is stored in the local keystore, and the public key is packaged and sent to the server.
The challenge attribute may be specified. Its value will be packaged with the submitted key.
The keytype attribute is an enumerated attribute. The following table lists the keywords and states for the attribute: the keywords in the left column map to the states listed in the cell in the second column on the same row as the keyword. User agents are not required to support these values, and must only recognize values whose corresponding algorithms they support.
Keyword | State
---|---
rsa | RSA
The invalid value default state is the unknown state. The missing value default state is the RSA state, if it is supported, or the unknown state otherwise.
This specification does not specify what key types user agents are to support — it is possible for a user agent to not support any key types at all.
The form attribute is used to explicitly associate the keygen element with its form owner. The name attribute represents the element's name. The disabled attribute is used to make the control non-interactive and to prevent its value from being submitted. The autofocus attribute controls focus.
keygen.type
Returns the string "keygen".
The challenge IDL attribute must reflect the content attribute of the same name.
The keytype IDL attribute must reflect the content attribute of the same name, limited to only known values.
This specification does not specify how the private key generated is to be used. It is expected that after receiving the SignedPublicKeyAndChallenge (SPKAC) structure, the server will generate a client certificate and offer it back to the user for download; this certificate, once downloaded and stored in the key store along with the private key, can then be used to authenticate to services that use TLS and certificate authentication.
To generate a key pair, add the private key to the user's key store, and submit the public key to the server, markup such as the following can be used:
```html
<form action="processkey.cgi" method="post" enctype="multipart/form-data">
 <p><keygen name="key"></p>
 <p><input type=submit value="Submit key..."></p>
</form>
```
The server will then receive a form submission with a packaged RSA public key as the value of "key". This can then be used for various purposes, such as generating a client certificate, as mentioned above.
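The server-side handling the paragraphs above describe, as an added example that is not code from the HTML specification or from any user agent. So that it runs offline, it first builds a SignedPublicKeyAndChallenge the way a keygen control would for a constructed challenge, then does what a server should do with the "key" field: parse the DER, confirm the challenge is the one this server issued (so a stale or copied submission is rejected), and verify the signature with the enclosed public key, which is what proves the submitter holds the matching private key. Assumptions for the demo: a toy 512-bit RSA key generated in pure Python, sha256WithRSAEncryption as the signature algorithm, a hand-written minimal DER codec in place of an ASN.1 library, and the challenge value "nonce-1234"; none of these come from the page.

```python
# Added example: server-side processing of the SPKAC a keygen control submits.
# Toy 512-bit RSA and sha256WithRSAEncryption are assumptions for the demo only.
import base64, hashlib, random

def der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body
def der_int(n):   # bit_length//8 + 1 bytes: minimal DER and never read as negative
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))
def der_seq(*parts):
    return tlv(0x30, b"".join(parts))
def der_bits(b):  # BIT STRING with zero unused bits
    return tlv(0x03, b"\x00" + b)
OID_RSA = tlv(0x06, bytes.fromhex("2a864886f70d010101"))         # rsaEncryption
OID_SHA256_RSA = tlv(0x06, bytes.fromhex("2a864886f70d01010b"))  # sha256WithRSAEncryption
DER_NULL = b"\x05\x00"
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017 s9.2
def read_tlv(buf, pos=0):
    """Return (tag, body, raw_tlv, next_pos) for the DER element at pos."""
    start, tag, ln, pos = pos, buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                                  # long-form length
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + ln > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + ln], buf[start:pos + ln], pos + ln
def seq_items(body):
    items, pos = [], 0
    while pos < len(body):
        tag, val, raw, pos = read_tlv(body, pos)
        items.append((tag, val, raw))
    return items

def is_probable_prime(n, rounds=20):               # Miller-Rabin, demo keys only
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_rsa(bits=512, e=65537):
    def prime(b):
        while True:
            c = random.getrandbits(b) | (1 << (b - 1)) | 1
            if is_probable_prime(c):
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return p * q, e, pow(e, -1, phi)

def pkcs1_em(data, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(data) for a k-byte modulus."""
    t = SHA256_DIGESTINFO + hashlib.sha256(data).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def build_spkac(n, e, d, challenge):
    """What the user agent produces: base64(SignedPublicKeyAndChallenge)."""
    spki = der_seq(der_seq(OID_RSA, DER_NULL), der_bits(der_seq(der_int(n), der_int(e))))
    pkac = der_seq(spki, tlv(0x16, challenge.encode("ascii")))  # PublicKeyAndChallenge
    k = (n.bit_length() + 7) // 8
    sig = pow(int.from_bytes(pkcs1_em(pkac, k), "big"), d, n).to_bytes(k, "big")
    return base64.b64encode(der_seq(pkac, der_seq(OID_SHA256_RSA, DER_NULL), der_bits(sig))).decode()

def parse_spkac(spkac_b64, expected_challenge):
    """What the server does with the "key" field: check the challenge, then proof of possession."""
    der = base64.b64decode(spkac_b64)
    tag, body, _, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    (_, pkac_body, pkac_raw), (_, alg_body, _), (_, sig_bits, _) = seq_items(body)
    (_, spki_body, spki_raw), (ch_tag, ch_val, _) = seq_items(pkac_body)
    if ch_tag != 0x16 or ch_val.decode("ascii") != expected_challenge:
        raise ValueError("challenge missing or not the one this server issued")
    if seq_items(alg_body)[0][2] != OID_SHA256_RSA:
        raise ValueError("unsupported signature algorithm")
    rsa_key = seq_items(spki_body)[1][1][1:]     # BIT STRING body minus the unused-bits byte
    (_, n_b, _), (_, e_b, _) = seq_items(seq_items(rsa_key)[0][1])
    n, e = int.from_bytes(n_b, "big"), int.from_bytes(e_b, "big")
    k, sig = (n.bit_length() + 7) // 8, int.from_bytes(sig_bits[1:], "big")
    if sig >= n or pow(sig, e, n).to_bytes(k, "big") != pkcs1_em(pkac_raw, k):
        raise ValueError("signature does not verify: no proof of possession")
    return {"challenge": expected_challenge, "spki_der": spki_raw, "modulus_bits": n.bit_length()}
```

Running `parse_spkac(build_spkac(*gen_rsa(), "nonce-1234"), "nonce-1234")` returns the challenge, the DER SubjectPublicKeyInfo the server would copy into the client certificate it issues, and the modulus size, which the caller should still check against its own key-size policy before issuing anything. `openssl spkac -verify` performs the same structural and signature check on a real submission.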