PKI, Keygen Tag and SPKAC

Infocult’s “And the Web passed by this HTML” article mentioned the obscuretags.com website, and in particular the little gem Keygen, an obscure little tag I have used over the years.

What’s this Keygen tag used for?

It generates a public/private key pair, the public half of which is signed into a digital certificate by a CA (Certificate Authority). This is used in PKI (Public Key Infrastructure) deployments.

The keygen tag is used as a form element whose value is submitted to a server-side handler (a CGI, servlet, etc.), which should then know how to process the resulting SPKAC (Signed Public Key And Challenge). It is supported in the Netscape, Mozilla, Firefox and Lotus Notes browsers. Internet Explorer instead utilises an ActiveX control to generate a key pair (although it generates a PKCS #10 request).

OpenSSL has an SPKAC utility which, although I haven’t used it, would be able to parse the result of the keygen form tag.
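What a server-side handler does with the submitted value, as an added example that is not code from the original post: it decodes the base64 SPKAC, walks the SignedPublicKeyAndChallenge DER structure, and checks that the embedded challenge is the one the server issued. The helper names and the sample bytes are constructed for illustration; verifying the signature over the `signed` bytes needs a crypto library and is not done here.

```python
import base64, hmac

def tlv(tag, value):  # DER encoder, used here only to build the sample below
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def read_tlv(buf, pos=0):
    """Decode the DER element at buf[pos]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = length-byte count
        size = length & 0x7F
        if not 1 <= size <= 4 or pos + size > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def parse_spkac(b64):
    """Return the challenge, SubjectPublicKeyInfo, signed bytes and signature."""
    der = base64.b64decode(b64, validate=True)
    tag, outer, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one outer SEQUENCE")
    t1, pkac, p = read_tlv(outer)           # PublicKeyAndChallenge
    t2, _alg, p2 = read_tlv(outer, p)       # signatureAlgorithm
    t3, sig, p3 = read_tlv(outer, p2)       # signature BIT STRING
    t4, _spki, q = read_tlv(pkac)           # SubjectPublicKeyInfo
    t5, chal, q2 = read_tlv(pkac, q)        # challenge IA5String
    if (t1, t2, t3, t4, t5) != (0x30, 0x30, 0x03, 0x30, 0x16) or p3 != len(outer) or q2 != len(pkac):
        raise ValueError("not a SignedPublicKeyAndChallenge")
    return {"challenge": chal.decode("ascii"), "spki": pkac[:q],
            "signed": outer[:p], "signature": sig[1:]}  # sig[0] = unused-bit count

def challenge_matches(b64, issued):
    """True only if the SPKAC parses and echoes the challenge this server issued."""
    try:
        return hmac.compare_digest(parse_spkac(b64)["challenge"].encode(), issued.encode())
    except ValueError:                      # bad base64, bad DER or non-ASCII challenge
        return False

# Constructed sample: placeholder bytes stand in for a real key and signature.
SAMPLE = base64.b64encode(tlv(0x30,
    tlv(0x30, tlv(0x30, b"\x00" * 200) + tlv(0x16, b"nonce-1234"))
    + tlv(0x30, b"\x06\x01\x00") + tlv(0x03, b"\x00" + b"\xAA" * 128))).decode()
```

Issuing a fresh challenge per form and rejecting any SPKAC that does not echo it is what stops a captured submission from being replayed to the CA.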

Although a comment on the MetaFilter site says that keygen is obsolete, it’s still alive and kicking. I don’t know of any other way to get a non-IE browser (Firefox, Lotus Notes, etc.) to generate a key pair through a web page. VeriSign uses this extensively for non-IE browsers.

Yes, it’s obscure; I have been using Keygen for the last 6.5 years! It’s just a very specific HTML security function that 99.99% of people would not use.
