HTML5 Guidelines for Web Developers

(coco) #1

54 Chapter 3—Intelligent Forms


The following short HTML document creates a keygen button:

<!DOCTYPE html>
<meta charset="utf-8">
<title>keygen Demo</title>
<form method=post action=submit.html>
<keygen id=kg challenge=hereismychallenge name=kg>
<input type=submit>
</form>

In addition to the familiar attributes, such as autofocus, disabled, name, and form,
the keygen element has two special attributes: keytype and challenge. keytype in
particular is interesting because the browser uses this entry to decide if it sup-
ports this element’s function. Currently, there is only one valid keytype, which is
rsa, a cryptographic system developed in 1977 at the Massachusetts Institute of
Technology (MIT). If no keytype is specified (as in the preceding example), rsa
is used as the default value. The specification also states that a browser does not
have to support any keytype at all, which is probably because of Microsoft’s veto
against this element. The optional challenge attribute increases security during
the key exchange. For further information, please refer to the links in the note at
the end of this section.
If the browser supports the RSA key generation, it can offer a selection list to al-
low the user to select the length, and consequently the security, of the key (see
Figure 3.9).

Figure 3.9 Selecting the key length in Google Chrome

Figure 3.10 shows the result after the form has been sent: The POST variable kg
contains the public key required for encryption (here, rendered in the extremely
useful Firefox add-on Firebug).
Free download pdf