I am having difficulty understanding how to use <keygen>.
I could not find the demo for it, which is used for authentication. When I add the <keygen> tag to the form, it sends the public key.
What should be done after getting the public key?
Can someone please give me a sample application which uses <keygen> and does the authentication?
The <keygen> tag in HTML is used to specify a key-pair generator field in a form. The purpose of the <keygen> element is to provide a secure way to authenticate users. When a form is submitted, two keys are generated: a private key and a public key. The private key is stored locally, and the public key is sent to the server.
You can easily generate a public key using the <keygen> tag in HTML. The <keygen> element generates an encryption key for passing encrypted data to a server. The purpose of the <keygen> element is to provide a secure way to authenticate users.
The <keygen> form field creates a public key / private key pair. The private key is encrypted (based on the choice) and stored in the local key database.
My explanations come from this PHP/Apache example. It's a simplified explanation; look at the original example for full details.
The client generates a public key for the server and keeps a private key.
<form>
<keygen name="pubkey" challenge="randomchars">
<input type="submit" name="createcert" value="Generate">
</form>
The public key is extracted by the server:
$key = $_REQUEST['pubkey'];
The server builds a client certificate:
$command = "/usr/bin/openssl ca -config ".$opensslconf." -days ".$days." -notext -batch -spkac ".$certfolder.$uniq.".spkac -out ".$certfolder.$uniq." -passin pass:'".$capw."' 2>&1";
$output = shell_exec($command);
and sends it back to the client.
You can then configure Apache to allow access to authenticated clients:
SSLEngine on
SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile /etc/CA/certs-pub/domain.der
SSLCertificateKeyFile /etc/CA/certs-priv/domain.pem
SSLCACertificateFile /etc/CA/certs-pub/ca.pem
SSLCARevocationFile /etc/CA/crl/cacrl.pem
<Location /secure_area/>
SSLVerifyClient require
SSLVerifyDepth 1
</Location>
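The answer above passes the submitted `pubkey` value to the CA; a check the server can run first is sketched below as an added example (not code from the original answer or the example it cites). It verifies the SPKAC signature and the `challenge` value with the `openssl_spki_*` functions of PHP's OpenSSL extension; the function name `validate_spkac` and the demo values are hypothetical.

```php
<?php
// Added example, not from the original answer. validate_spkac() is a hypothetical name.

/**
 * Validate the SPKAC string a <keygen> field submits before it is handed to the CA.
 * Returns the PEM public key on success, or null if the proof of possession fails.
 */
function validate_spkac(string $submitted, string $expectedChallenge): ?string
{
    // Browsers may wrap the base64 value; drop whitespace and an optional "SPKAC=" prefix.
    $spkac = preg_replace('/\s+/', '', $submitted);
    $spkac = preg_replace('/^SPKAC=/', '', $spkac);

    // Accept base64 only, so the value is safe to write into the .spkac file.
    if ($spkac === '' || !preg_match('#^[A-Za-z0-9+/]+={0,2}$#', $spkac)) {
        return null;
    }
    // The signature proves the sender holds the matching private key.
    if (!openssl_spki_verify($spkac)) {
        return null;
    }
    // The signed challenge must be the one this server issued for this form.
    $challenge = openssl_spki_export_challenge($spkac);
    if (!is_string($challenge) || !hash_equals($expectedChallenge, $challenge)) {
        return null;
    }
    $pem = openssl_spki_export($spkac);
    return $pem === false ? null : $pem;
}

// Constructed demo: play the browser's part with a throwaway key pair.
$expected = bin2hex(random_bytes(16)); // per-form challenge the server would keep in the session
$browserKey = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
$good  = openssl_spki_new($browserKey, $expected, OPENSSL_ALGO_SHA256);
$stale = openssl_spki_new($browserKey, 'randomchars', OPENSSL_ALGO_SHA256);

var_dump(validate_spkac($good, $expected) !== null);         // challenge issued for this form
var_dump(validate_spkac($stale, $expected) !== null);        // challenge from a different form
var_dump(validate_spkac('not base64!', $expected) !== null); // malformed input
```

Only a value that passes this check should be written to the `.spkac` file that `openssl ca -spkac` signs.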