Element of
Forms
What does <keygen> do?
The <keygen> element generates a public-private key pair and sends the public key to the server with form submission. The element is expected to be deprecated and does not have broad browser support.
Display
none
Null element
This element must not contain any content, and does not need a closing tag.

Public Key Cryptography

One of the most important areas of innovation in web development, and in computer science generally, is the use of public key cryptography. Public key cryptography (sometimes called Public-Private Key Cryptography) is a form of encryption in which a message can be encrypted using a public key that anyone can have access to, but can only be decrypted and read by the person with the matching private key.

It works like this: Alice generates a public-private key pair using one of the many available key generation tools. Alice publishes her public key, but keeps her private key a secret. Bob and Carol can both use the public key to encrypt messages. Only Alice can read them, and neither Bob nor Carol can read messages encrypted by the other.

Additionally, Alice can use her private key to "sign" messages. Alice can encrypt a message using the private key. It can only be decrypted by the public key. Now, since everyone has access to the public key, this does not make the message secret. But it does verify that the message originated with Alice.

Public key cryptography is one of the more important concepts behind technologies like Bitcoin (and the blockchain in general), SSL security, and TOR. In our increasingly connected and increasingly surveilled world, Public Key Cryptography is the only sure way to both verify identity from a distance and ensure privacy of communication.

Public Key Cryptography is vital for privacy and security, and not just for those with "something to hide." Without Public Key Cryptography, of course there could be no Wikileaks and no Eric Snowden. But there would also be no internet commerce, no online credit card transactions, and no mobile banking.

Public Key Crypto for HTML Forms

If two parties want to communicate securely, they each need to be able to generate a public-private key pair, and then share the public key with the other party. The <keygen> element is intended to facilitate this within the context of an HTML form. In browsers that implement it (not all do), if the element is included in a form, the browser generates a key pair locally and sends the public key to the server when the form is submitted. The private key is then stored locally and (obviously) not shared. This could be used, for example, in a login form. Once logged in, all messages from the server could be encrypted, and all messages from the browser could be signed. This would ensure that every communication after login was being conducted between the server and the actual user who provided login credentials. (Presumably the server has also generated a private-public key pair and has shared the public key with the user. This is part of what SSL Security Certificates accomplish.)

Future Deprecation

HTML5 is an evolving standard. It has been announced that the <keygen> element will be deprecated and removed from the HTML standard. This means that alternate methods of key generation will be needed. Naturally this simply means using JavaScript. There is now a JavaScript Web Cryptography API, which all web developers should take the time to learn.
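
The following is an added example, not code from the original page: it uses the Web Cryptography API to do what the page describes <keygen> doing, generating a key pair locally, keeping the private key in the browser, and submitting only the public key, plus a signature so the server can check that the submitter holds the private key. The function names, the form field names and the challenge string are assumptions made for illustration.

```javascript
// Added example: a Web Crypto replacement for the <keygen> form workflow.
// Runs in browsers and in Node.js; all names below are illustrative.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const subtle = webcrypto.subtle;
const ALG = { name: "ECDSA", namedCurve: "P-256" };
const SIG = { name: "ECDSA", hash: "SHA-256" };

const toB64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));
const enc = (text) => new TextEncoder().encode(text);

// Browser side: generate the pair locally. extractable=false means script
// cannot export the private key; the public key is always exportable.
async function createEnrollment(challenge) {
  const pair = await subtle.generateKey(ALG, false, ["sign", "verify"]);
  const spki = await subtle.exportKey("spki", pair.publicKey);
  const sig = await subtle.sign(SIG, pair.privateKey, enc(challenge));
  return {
    privateKey: pair.privateKey, // never leaves the browser
    fields: { publicKey: toB64(spki), signature: toB64(sig) }, // form values
  };
}

// Server side: import the submitted public key and check that the signature
// covers the challenge this server issued for this form (single use).
async function verifyEnrollment(fields, challenge) {
  const key = await subtle.importKey("spki", fromB64(fields.publicKey), ALG, true, ["verify"]);
  return subtle.verify(SIG, key, fromB64(fields.signature), enc(challenge));
}

// Round trip with constructed sample values.
async function demo() {
  const challenge = "constructed-challenge-0001"; // constructed sample value
  const { privateKey, fields } = await createEnrollment(challenge);
  const accepted = await verifyEnrollment(fields, challenge);
  const wrongChallenge = await verifyEnrollment(fields, "some-other-challenge");
  // Exporting a non-extractable private key must be rejected.
  const exportBlocked = await subtle.exportKey("pkcs8", privateKey).then(() => false, () => true);
  return { accepted, wrongChallenge, exportBlocked };
}
```

In a real deployment verifyEnrollment would run in the server's own stack, and the page itself would be served over TLS so the script doing the key generation can be trusted.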

Browser Support for keygen

Not supported.11Not supported.1.23.0