Is there a HTML5 keygen example?

Tags:

html

I am having difficulty understanding how to use <keygen>.

I could not find the demo for it, which is used for authentication. When I add the <keygen> tag to the form, it sends the public key.

What should be done after getting the public key?

Can someone please give me a sample application which uses <keygen> and does the authentication?

swingmicro asked Jul 29 '12 17:07


People also ask

How can we define a keygen in HTML5?

The <keygen> tag in HTML is used to specify a key-pair generator field in a form. The purpose of the <keygen> element is to provide a secure way to authenticate users. When the form is submitted, two keys are generated: a private key and a public key. The private key is stored locally, and the public key is sent to the server.

Could you generate a public key in HTML?

You can easily generate a public key using the <keygen> tag in HTML. The <keygen> element generates an encryption key for passing encrypted data to a server. The purpose of the <keygen> element is to provide a secure way to authenticate users.

Where are the keys generated by the keygen element stored?

The <keygen> form field creates a public key / private key pair. The private key is encrypted (based on the choice) and stored in the local key database.


1 Answer

My explanations come from this PHP/Apache example. It's a simplified explanation; look at the original example for full details.

The client generates a public key for the server and keeps a private key.

<form>
   <keygen name="pubkey" challenge="randomchars">
   <input type="submit" name="createcert" value="Generate">
</form>

The public key is extracted by the server:

$key = $_REQUEST['pubkey'];

The server builds a client certificate:

// Quote every interpolated value so it reaches openssl as a single argument.
$command = "/usr/bin/openssl ca -config ".escapeshellarg($opensslconf)." -days ".escapeshellarg($days)." -notext -batch -spkac ".escapeshellarg($certfolder.$uniq.".spkac")." -out ".escapeshellarg($certfolder.$uniq)." -passin ".escapeshellarg("pass:".$capw)." 2>&1";
$output = shell_exec($command);

and sends it back to the client.

You can then configure Apache to allow access to authenticated clients:

SSLEngine on
SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile /etc/CA/certs-pub/domain.der
SSLCertificateKeyFile /etc/CA/certs-priv/domain.pem
SSLCACertificateFile /etc/CA/certs-pub/ca.pem
SSLCARevocationFile /etc/CA/crl/cacrl.pem
<Location /secure_area/>
  SSLVerifyClient require
  SSLVerifyDepth 1
</Location>
Ortomala Lokni answered Oct 05 '22 07:10
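
The answer goes straight from reading `$_REQUEST['pubkey']` to running `openssl ca -spkac`; in between, the submission has to be checked and written out as the `.spkac` file. The following is an added example, not part of the original answer or of the PHP/Apache example it links to. `build_spkac_file()` and its parameters are hypothetical names, the challenge is assumed to be a random per-form value kept server-side, and the sample submission is constructed locally with `openssl_spki_new()`.

```php
<?php
// Added example; build_spkac_file() and its parameters are hypothetical names.
function build_spkac_file(string $submitted, string $expectedChallenge,
                          string $commonName, string $path): void
{
    // The base64 value may arrive wrapped across lines; drop all whitespace.
    $spkac = preg_replace('/\s+/', '', $submitted);
    if (!preg_match('#\A[A-Za-z0-9+/]+={0,2}\z#', $spkac)) {
        throw new InvalidArgumentException('pubkey is not base64');
    }
    // The SPKAC is signed with the new private key (proof of possession).
    if (!openssl_spki_verify($spkac)) {
        throw new InvalidArgumentException('SPKAC signature check failed');
    }
    // The embedded challenge must be the one the server issued for this form.
    $challenge = openssl_spki_export_challenge($spkac);
    if ($challenge === false || !hash_equals($expectedChallenge, $challenge)) {
        throw new InvalidArgumentException('challenge mismatch');
    }
    // The file is name=value lines, so a line break in a value would add
    // fields to the certificate subject; \z (not $) rejects a trailing newline.
    if (!preg_match('/\A[A-Za-z0-9 ._@-]{1,64}\z/', $commonName)) {
        throw new InvalidArgumentException('invalid common name');
    }
    $body = "SPKAC=$spkac\nCN=$commonName\n";
    if (file_put_contents($path, $body, LOCK_EX) === false) {
        throw new RuntimeException('cannot write SPKAC file');
    }
}

// Constructed sample input: a local key pair stands in for the browser.
$challenge = bin2hex(random_bytes(16)); // assumed per-form, stored server-side
$key = openssl_pkey_new(['private_key_bits' => 2048,
                         'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$submitted = preg_replace('/^SPKAC=/', '',
    openssl_spki_new($key, $challenge, OPENSSL_ALGO_SHA256));

$path = tempnam(sys_get_temp_dir(), 'spkac');
build_spkac_file($submitted, $challenge, 'alice', $path);
echo file_get_contents($path);

foreach ([[$challenge, "alice\nsecond line"], ['stale-challenge', 'alice']] as [$c, $cn]) {
    try {
        build_spkac_file($submitted, $c, $cn, $path);
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
unlink($path);
```

Which subject fields the file must carry besides `CN` depends on the `policy` section of the CA configuration passed with `-config`.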