Keygen

Keygen Support Key: [2\|3\|3.2\|4] [X1\|X1.1] [IE\|M\|N3\|O3]	What is it? Attributes Tag Example	Parent/Content Model Tips & Tricks Browser Peculiarities
= Index DOT Html by Brian Wilson =

Main Index | Element Tree | Element Index | HTML Support History

[NOTE: Information on this element is VERY scarce and almost all of the content below is verbatim from Netscape's lean documentation - I have not been able to verify any of this. See the 'Tips & Tricks' section for all known reference URLs (mostly pointed out by alert readers) on this issue.]

Quick Statistics
End Tag:		Omitted
Standards Details:		NA
XHTML Modules:		NA
CSS 'display' Type:		NA
CSS Mapping:		NA
Default Rendering:		NA
Official Docs:		Netscape's HTML Tag reference

What is it?: The KEYGEN element is a Netscape creation used to process security transactions with web-based certificate management systems. This element is used in the context of an HTML form along with other information needed to construct a certificate request - the generation of key material and submission of the public key - and the result of the transaction will be a signed certificate that the form can use to generate a challenge string paired with the KEYGEN's NAME attribute.

Use of the KEYGEN element generates a menu of key-size choices that the user must choose from. When the form contents are submitted for processing, a key pair of the selected size is generated. The private key is encrypted and stored in the local key database.

Specific Attributes
Challenge
[2|3|3.2|4] [X1|X1.1] [IE|M|N3|O3]: Standards Details: NA; Required? No; Description:
Specifies the challenge string to be packaged with the public key for use in verification of the form submission. If no challenge string is provided, then it is encoded as an 'IA5STRING' [see relevant URLs in 'Tips and Tricks'] of length zero.; Values: Alphanumeric characters.
Keytype
[2|3|3.2|4] [X1|X1.1] [IE|M|N6|O]: Standards Details: NA; Required? No; Description:
This attribute specifies the type of encryption security method to use to verify the KEYGEN element.; Values: RSA [DEFAULT], DSA
Name
[2|3|3.2|4] [X1|X1.1] [IE|M|N3|O3]: Standards Details: NA; Required? Yes; Description:
This attribute assigns a name to the keygen element.; Values: Alphanumeric characters.
PQG
[2|3|3.2|4] [X1|X1.1] [IE|M|N6|O]: Standards Details: NA; Required? No; Description:
This attribute appears to be a security string to be sent and verified.; Values: Alphanumeric characters.

Example: <form method="post" action="http://example.com/secure/keygen/test.cgi" enctype="application/x-www-form-urlencoded">
<keygen name="randomkey" challenge="1234567890" />
<input type="text" name="Field1" value="Default Text" />
</form>

Parent Model: <form>
Content Model: NA

Tips & Tricks

The documentation for the KEYTYPE and PQG attributes is VERY thin - I only found reference to them in the Mozilla source code (which is why I only list support as v.6.0 and above) and even that was scarce. I only try to document them here for the sake of completeness.
These are the URLs I have been able to find that document this element. They mostly seem to be oriented toward the developer, which is understandable considering proper use of this element involves non-trivial negotiation with a server.

http://devedge.netscape.com/library/manuals/1998/htmlguide/tags10.html#1615503
Netscape's official documentation on the KEYGEN element.
http://wp.netscape.com/eng/security/ca-interface.html
A draft proposal from Netscape going in to a little more detail on the KEYGEN element.
http://wp.netscape.com/eng/security/cert-exts.html
Netscape Certificate Extensions - a developer oriented document on KEYGEN interaction with server software.
http://wp.netscape.com/eng/security/downloadcert.html

Netscape Certificate Download Specification - another technical, developer oriented document describing KEYGEN and server interaction.

Browser Peculiarities

The documentation states that export versions of Netscape (non-US versions) only allow a 512 bit key size to be chosen, while US versions allow key size choices of 512 bits, 768 bits, and 1024 bits.