Someone forwarded to me a copy of Ian's email, to which I am replying. > From: "Ian Hickson" <i...@hixie.ch> > To: <wha...@whatwg.org> > Sent: Tuesday, January 06, 2009 13:40 > Subject: <keygen> > > Over the years, several people (most of them bcc'ed) have asked for HTML5 > to include a definition of <keygen>. Some have even gone as far as finding > documentation on the element -- thank you. > > As I understand it based on the documentation, <keygen> basically > generates a public/private asymmetric cryptographic key pair, and then > sends the public component as its form value.
The form value is a SignedPublicKeyAndChallenge (a.k.a., SPKAC). It includes the public key, along with other info, such as a signature which proves possession of the private key. This is documented at https://developer.mozilla.org/En/HTML/HTML_Extensions/KEYGEN_Tag which (I have just noticed) has not been updated with the info for ECC key generation. I will update that page soon. > Unfortunately, this seems completely and utterly useless, as at no point > does there seem to be any way to ever use the private component either for > signing or for decrypting anything, nor does there appear to be a way to > use the certificate for authentication. The certificate? The keygen tag generates info used to request a certificate. The private key generated at that same time is locally stored. The certificate is subsequently downloaded/imported into the browser. Thereafter, the private key is implicitly identified through the certificate. That is, the UI asks the user to select one of his certificates, and the browser then finds the corresponding private key in the private key store and uses it when necessary. > Without further information along these lines describing how to actually > make practical use of the element, I do not intend to document <keygen> in > the HTML5 specification. If anyone can fill in these holes that would be > very helpful. Feel free to ask me any questions about <keygen>. I'm not on the whatwg list, so be sure to cc me explicitly. However, having said that, there are a number of known shortcomings of the keygen tag, which is why the Netscape and Mozilla browsers also support the generateCRMFRequest() method on the crypto object. See https://developer.mozilla.org/En/JavaScript_crypto/GenerateCRMFRequest for documentation on that method. Among the shortcomings are: a) SPKAC is non-standard, but is openly specified and has become a de facto standard and is now supported in numerous packages. b) The tag has no way to specify whether the key is to be used for signing-only, or whether it can also be used for data/key encryption. c) The SPKAC format requires that the key be usable for signing, not useful for generating encryption-only keys. d) The tag has no provision for key escrow. crypto.generateCRMFRequest addresses those shortcomings (IINM), and uses the standard CRMF syntax for the output, rather than SPKAC. I do not suggest that the keygen tag be standardized exactly as it now exists in Mozilla browsers, but I do think the industry would benefit from a standardized method for keygen. /Nelson Bolyard, Mozilla (and former Netscape) crypto guy _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
