- Element of
- What does
- The <keygen> element generates a public-private key pair and sends the public key to the server with form submission. The element is expected to be deprecated and does not have broad browser support.
- Null element
- This element must not contain any content, and does not need a closing tag.
Public Key Cryptography
One of the most important areas of innovation in web development, and in computer science generally, is the use of public key cryptography. Public key cryptography (sometimes called Public-Private Key Cryptography) is a form of encryption in which a message can be encrypted using a public key that anyone can have access to, but can only be decrypted and read by the person with the matching private key.

It works like this: Alice generates a public-private key pair using one of the many available key generation tools. Alice publishes her public key, but keeps her private key a secret. Bob and Carol can both use the public key to encrypt messages. Only Alice can read them, and neither Bob nor Carol can read messages encrypted by the other.

Additionally, Alice can use her private key to "sign" messages. Alice can encrypt a message using the private key. It can only be decrypted by the public key. Now, since everyone has access to the public key, this does not make the message secret. But it does verify that the message originated with Alice.

Public key cryptography is one of the more important concepts behind technologies like Bitcoin (and the blockchain in general), SSL security, and TOR. In our increasingly connected and increasingly surveilled world, Public Key Cryptography is the only sure way to both verify identity from a distance and ensure privacy of communication. Public Key Cryptography is vital for privacy and security, and not just for those with "something to hide." Without Public Key Cryptography, of course, there could be no Wikileaks and no Eric Snowden. But there would also be no internet commerce, no online credit card transactions, and no mobile banking.
Public Key Crypto for HTML Forms
If two parties want to communicate securely, they each need to be able to generate a public-private key pair, and then share the public key with the other party. The <keygen> element is intended to facilitate this within the context of an HTML form. In browsers that implement it (not all do), if the element is included with a form, the browser generates a key pair locally and sends the public key to the server when the form is submitted. The private key is then stored locally and (obviously) not shared.

This could be used, for example, in a login form. Once logged in, all messages from the server could be encrypted, and all messages from the browser could be signed. This would ensure that every communication after login was being conducted between the server and the actual user who provided login credentials. (Presumably the server has also generated a private-public key pair and has shared the public key with the user. This is part of what SSL Security Certificates accomplish.)
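The flow described above, modelled as an added example (not code from the original page, and not what a browser runs for <keygen>): it uses Node's built-in crypto module to play both the browser and the server. The function names and the base64 SPKI encoding of the submitted public key are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// "Browser" side: generate the key pair locally. Only the public half is
// exported for the form submission; the private key stays on this side.
function enroll() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
  });
  // Base64 SPKI is an encoding assumed for this example.
  const submittedPublicKey = publicKey
    .export({ type: 'spki', format: 'der' }).toString('base64');
  return { privateKey, submittedPublicKey };
}

// "Server" side: rebuild a key object from the submitted form field.
function importPublicKey(submitted) {
  return nodeCrypto.createPublicKey({
    key: Buffer.from(submitted, 'base64'), type: 'spki', format: 'der',
  });
}

// "Browser" side: sign an outgoing message with the private key.
function signMessage(privateKey, message) {
  return nodeCrypto.sign('sha256', Buffer.from(message), privateKey);
}

// "Server" side: true only if the matching private key signed this message.
function verifyMessage(submitted, message, signature) {
  return nodeCrypto.verify('sha256', Buffer.from(message),
    importPublicKey(submitted), signature);
}

// "Server" side: encrypt a reply (RSA-OAEP) that only the private key opens.
function encryptFor(submitted, plaintext) {
  return nodeCrypto.publicEncrypt(
    { key: importPublicKey(submitted), oaepHash: 'sha256' },
    Buffer.from(plaintext));
}

// "Browser" side: decrypt the server's reply.
function decryptReply(privateKey, ciphertext) {
  return nodeCrypto.privateDecrypt(
    { key: privateKey, oaepHash: 'sha256' }, ciphertext).toString('utf8');
}

// Constructed demo values: a valid signature, then a tampered message.
const demoUser = enroll();
const demoSig = signMessage(demoUser.privateKey, 'order=42');
console.log(verifyMessage(demoUser.submittedPublicKey, 'order=42', demoSig),
  verifyMessage(demoUser.submittedPublicKey, 'order=43', demoSig));
```

A signature made by one enrolled key fails verification against any other submitted public key, which is what ties each later message to the user who enrolled at login.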
HTML5 is an evolving standard. It has been announced that the
Browser Support for keygen
|Not supported.||1||1||Not supported.||1.2||3.0|