The HTML5 keygen element

There is some confusion among users regarding the new HTML5 keygen element. The keygen element generates a public/private key pair and then creates a certificate request. Many users want to know the exact use of the element when SSL is available. This is my take on the subject. Correct me if I’m wrong.

<form action="process.cgi" method="post" enctype="multipart/form-data">
 <p><keygen name="key"></p>
 <p><input type=submit value="Submit key..."></p>
</form>


SSL is about “server identification”, “server AND client authentication” and “security”. During the normal SSL handshake, the server presents its server certificate so the browser can be sure that it is connecting to the correct server. But what should the server use to verify that it is still talking to the same user (browser) once the initial handshake has been done? For this purpose you need a client certificate. The keygen element creates the key used to authenticate the user, while SSL is concerned with the privacy of the communication and the authentication of the server.
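The exchange described above as an added example (not code from the original post), in Node.js: `makeSpkac` simulates what the browser's keygen element submits, a signed public key and challenge (SPKAC), and `checkSubmission` is the server-side check made before a client certificate is issued. The function names, the challenge strings and the choice of SHA-256 for the signature are assumptions of this example.

```javascript
const crypto = require('crypto');

// Minimal DER TLV encoder (lengths up to 65535 are enough here).
function der(tag, body) {
  const n = body.length;
  const len = n < 0x80 ? [n] : n < 0x100 ? [0x81, n] : [0x82, n >> 8, n & 0xff];
  return Buffer.concat([Buffer.from([tag, ...len]), body]);
}

// Browser side, simulated: the value <keygen> puts in the form field.
// SEQUENCE { SEQUENCE { spki, IA5String challenge }, algorithm, BIT STRING signature }
function makeSpkac(publicKey, privateKey, challenge) {
  const spki = publicKey.export({ type: 'spki', format: 'der' });
  const pkac = der(0x30, Buffer.concat([spki, der(0x16, Buffer.from(challenge, 'ascii'))]));
  // AlgorithmIdentifier for sha256WithRSAEncryption (hash chosen for this example).
  const alg = Buffer.from('300d06092a864886f70d01010b0500', 'hex');
  const sig = crypto.sign('sha256', pkac, privateKey);
  const sigBits = der(0x03, Buffer.concat([Buffer.from([0x00]), sig]));
  return der(0x30, Buffer.concat([pkac, alg, sigBits])).toString('base64');
}

// Server side: accept the key only if the signature proves possession of the
// private key and the signed challenge is the one issued for this form.
function checkSubmission(spkacB64, expectedChallenge) {
  const buf = Buffer.from(spkacB64);
  if (!crypto.Certificate.verifySpkac(buf)) return { ok: false, reason: 'bad signature' };
  const challenge = crypto.Certificate.exportChallenge(buf).toString('ascii');
  if (challenge !== expectedChallenge) return { ok: false, reason: 'challenge mismatch' };
  return { ok: true, publicKeyPem: crypto.Certificate.exportPublicKey(buf).toString('ascii') };
}

// Constructed sample: a throwaway key pair and made-up challenge values.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const spkac = makeSpkac(publicKey, privateKey, 'constructed-challenge-1');
  const raw = Buffer.from(spkac, 'base64');
  raw[raw.length - 1] ^= 0x01; // corrupt the last signature byte
  return {
    good: checkSubmission(spkac, 'constructed-challenge-1'),
    replayed: checkSubmission(spkac, 'constructed-challenge-2'),
    tampered: checkSubmission(raw.toString('base64'), 'constructed-challenge-1'),
  };
}
```

The private key never reaches `checkSubmission`; the server only sees the public key and a signature over it, which is why the later SSL client authentication can be tied to this browser.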


