Questa traduzione è incompleta. Collabora alla traduzione di questo articolo dall’originale in lingua inglese.

Deprecato
This feature is no longer recommended. Though some browsers might still support it, it may have already been removed from the relevant web standards, may be in the process of being dropped, or may only be kept for compatibility purposes. Avoid using it, and update existing code if possible; see the compatibility table at the bottom of this page to guide your decision. Be aware that this feature may cease to work at any time.

The HTML <keygen> element exists to facilitate generation of key material, and submission of the public key as part of an HTML form. This mechanism is designed for use with Web-based certificate management systems. It is expected that the <keygen> element will be used in an HTML form along with other information needed to construct a certificate request, and that the result of the process will be a signed certificate.

There is currently discussion among Web browser makers whether to keep this feature or not. Until a decision is reached, it is better to continue to consider this feature as deprecated and going away.

Categoria Flow content, phrasing content, interactive content, listed, labelable, submittable, resettable  form-associated element, palpable content.
Contenuto permesso Nessuno è un elemento vuoto.
Omissione dei tag Must have a start tag and must not have an end tag.
Elementi genitore permessi Any element that accepts phrasing content.
Ruoli ARIA permessi Nessuno
Interfaccia DOM HTMLKeygenElement

Attributi

Questo elemento include gli attributi globali.

autofocus
This Boolean attribute lets you specify that the control should have input focus when the page loads, unless the user overrides it, for example by typing in a different control. Only one form element in a document can have the autofocus attribute, which is a Boolean.
challenge
A challenge string that is submitted along with the public key. Defaults to an empty string if not specified.
disabled
This Boolean attribute indicates that the form control is not available for interaction.
form
The form element that this element is associated with (its form owner). The value of the attribute must be an id of a <form> element in the same document. If this attribute is not specified, this element must be a descendant of a <form> element. This attribute enables you to place <keygen> elements anywhere within a document, not just as descendants of their form elements.
keytype
Tipo di chiave generata. Il valore predefinito è RSA.
name
The name of the control, which is submitted with the form data.

The element is written as follows:

<keygen name="name" challenge="challenge string" keytype="type"
        keyparams="pqg-params">

The keytype parameter is used to specify what type of key is to be generated. Valid values are "RSA", which is the default, "DSA" and "EC". The name and challenge attributes are required in all cases. The keytype attribute is optional for RSA key generation and required for DSA and EC key generation. The keyparams attribute is required for DSA and EC key generation and ignored for RSA key generation. PQG is a synonym for keyparams. That is, you may specify keyparams="pqg-params" or pqg="pqg-params".

For RSA keys, the keyparams parameter is not used (ignored if present). The user may be given a choice of RSA key strengths. Currently, the user is given a choice between "high" strength (2048 bits) and "medium" strength (1024 bits).

For DSA keys, the keyparams parameter specifies the DSA PQG parameters which are to be used in the keygen process. The value of the pqg parameter is the the BASE64 encoded, DER encoded Dss-Parms as specified in IETF RFC 3279. The user may be given a choice of DSA key sizes, allowing the user to choose one of the sizes defined in the DSA standard.

For EC keys, the keyparams parameter specifies the name of the elliptic curve on which the key will be generated. It is normally a string from the table in nsKeygenHandler.cpp. (Note that only a subset of the curves named there may actually be supported in any particular browser.) If the keyparams parameter string is not a recognized curve name string, then a curve is chosen according to the user's chosen key strength (low, medium, high), using the curve named "secp384r1" for high, and the curve named "secp256r1" for medium keys. (Note: choice of the number of key strengths, default values for each strength, and the UI by which the user is offered a choice, are outside of the scope of this specification.)

The <keygen> element is only valid within an HTML form. It will cause some sort of selection to be presented to the user for selecting key size. The UI for the selection may be a menu, radio buttons, or possibly something else. The browser presents several possible key strengths. Currently, two strengths are offered, high and medium. If the user's browser is configured to support cryptographic hardware (e.g. "smart cards") the user may also be given a choice of where to generate the key, i.e., in a smart card or in software and stored on disk.

When the submit button is pressed, a key pair of the selected size is generated. The private key is encrypted and stored in the local key database.

PublicKeyAndChallenge ::= SEQUENCE {
    spki SubjectPublicKeyInfo,
    challenge IA5STRING
}
SignedPublicKeyAndChallenge ::= SEQUENCE {
    publicKeyAndChallenge PublicKeyAndChallenge,
    signatureAlgorithm AlgorithmIdentifier,
    signature BIT STRING
}

The public key and challenge string are DER encoded as PublicKeyAndChallenge, and then digitally signed with the private key to produce a SignedPublicKeyAndChallenge. The SignedPublicKeyAndChallenge is Base64 encoded, and the ASCII data is finally submitted to the server as the value of a form name/value pair, where the name is name as specified by the name attribute of the keygen element. If no challenge string is provided, then it will be encoded as an IA5STRING of length zero.

Here is an example form submission as it would be delivered to a CGI program by the HTTP server:

   commonname=John+Doe&email=doe@foo.com&org=Foobar+Computing+Corp.&
   orgunit=Bureau+of+Bureaucracy&locality=Anytown&state=California&country=US&
   key=MIHFMHEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAnX0TILJrOMUue%2BPtwBRE6XfV%0AWtKQbsshxk5ZhcUwcwyvcnIq9b82QhJdoACdD34rqfCAIND46fXKQUnb0mvKzQID%0AAQABFhFNb3ppbGxhSXNNeUZyaWVuZDANBgkqhkiG9w0BAQQFAANBAAKv2Eex2n%2FS%0Ar%2F7iJNroWlSzSMtTiQTEB%2BADWHGj9u1xrUrOilq%2Fo2cuQxIfZcNZkYAkWP4DubqW%0Ai0%2F%2FrgBvmco%3D

Specifications

Specification Status Comment
HTML Living Standard
The definition of '<keygen>' in that specification.
Living Standard  
HTML5
The definition of '<keygen>' in that specification.
Recommendation  

Compatibilità browser

Update compatibility data on GitHub
DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidEdge MobileFirefox for AndroidOpera for AndroidSafari on iOSSamsung Internet
Basic support
Deprecated
Chrome No support ? — 57Edge Full support YesFirefox Full support 1IE No support NoOpera Full support 3Safari Full support 1.2WebView Android No support ? — 57Chrome Android No support ? — 57Edge Mobile Full support YesFirefox Android Full support 4Opera Android ? Safari iOS No support NoSamsung Internet Android Full support Yes

Legend

Full support  
Full support
No support  
No support
Compatibility unknown  
Compatibility unknown
Deprecated. Not for use in new websites.
Deprecated. Not for use in new websites.

Tag del documento e collaboratori

Hanno collaborato alla realizzazione di questa pagina: davidebaroffio
Ultima modifica di: davidebaroffio,