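Version: deprecated in HTML5
The HTML <keygen> element exists to facilitate generation of key material and submission of the public key as part of an HTML form. This mechanism is designed for use with Web-based certificate management systems. It is expected that the <keygen> element will be used in an HTML form along with other information needed to construct a certificate request, and that the result of the process will be a signed certificate.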
There is currently discussion among Web browser makers whether to keep this feature or not. Until a decision is reached, it is better to continue to consider this feature as deprecated and going away.
| Content categories | Flow content, phrasing content, interactive content, listed, labelable, submittable, resettable form-associated element, phrasing content. |
| Permitted content | None, it is an empty element. |
| Tag omission | Must have a start tag and must not have an end tag. |
| Permitted parent elements | Any element that accepts phrasing content. |
| DOM interface | HTMLKeygenElement |
Attributes
This element includes the global attributes.
- autofocus: This Boolean attribute lets you specify that the control should have input focus when the page loads, unless the user overrides it, for example by typing in a different control. Only one form element in a document can have the autofocus attribute, which is a Boolean.
- challenge: A challenge string that is submitted along with the public key. Defaults to an empty string if not specified.
- disabled: This Boolean attribute indicates that the form control is not available for interaction.
- form: The form element that this element is associated with (its form owner). The value of the attribute must be an id of a <form> element in the same document. If this attribute is not specified, this element must be a descendant of a <form> element. This attribute enables you to place <keygen> elements anywhere within a document, not just as descendants of their form elements.
- keytype: The type of key generated. The default value is RSA.
- name: The name of the control, which is submitted with the form data.
The element is written as follows:

The keytype parameter is used to specify what type of key is to be generated. Valid values are "RSA", which is the default, "DSA" and "EC". The name and challenge attributes are required in all cases. The keytype attribute is optional for RSA key generation and required for DSA and EC key generation. The keyparams attribute is required for DSA and EC key generation and ignored for RSA key generation. PQG is a synonym for keyparams. That is, you may specify keyparams="pqg-params" or pqg="pqg-params".
For RSA keys, the keyparams parameter is not used (ignored if present). The user may be given a choice of RSA key strengths. Currently, the user is given a choice between "high" strength (2048 bits) and "medium" strength (1024 bits).
For DSA keys, the keyparams parameter specifies the DSA PQG parameters which are to be used in the keygen process. The value of the pqg parameter is the BASE64 encoded, DER encoded Dss-Parms as specified in IETF RFC 3279. The user may be given a choice of DSA key sizes, allowing the user to choose one of the sizes defined in the DSA standard.
For EC keys, the keyparams parameter specifies the name of the elliptic curve on which the key will be generated. It is normally a string from the table in nsKeygenHandler.cpp. (Note that only a subset of the curves named there may actually be supported in any particular browser.) If the keyparams parameter string is not a recognized curve name string, then a curve is chosen according to the user's chosen key strength (low, medium, high), using the curve named "secp384r1" for high, and the curve named "secp256r1" for medium keys. (Note: choice of the number of key strengths, default values for each strength, and the UI by which the user is offered a choice, are outside of the scope of this specification.)
The <keygen> element is only valid within an HTML form. It will cause some sort of selection to be presented to the user for selecting key size. The UI for the selection may be a menu, radio buttons, or possibly something else. The browser presents several possible key strengths. Currently, two strengths are offered, high and medium. If the user's browser is configured to support cryptographic hardware (e.g. "smart cards") the user may also be given a choice of where to generate the key, i.e., in a smart card or in software and stored on disk.
When the submit button is pressed, a key pair of the selected size is generated. The private key is encrypted and stored in the local key database.
PublicKeyAndChallenge ::= SEQUENCE {
    spki SubjectPublicKeyInfo,
    challenge IA5STRING
}
SignedPublicKeyAndChallenge ::= SEQUENCE {
    publicKeyAndChallenge PublicKeyAndChallenge,
    signatureAlgorithm AlgorithmIdentifier,
    signature BIT STRING
}
The public key and challenge string are DER encoded as PublicKeyAndChallenge, and then digitally signed with the private key to produce a SignedPublicKeyAndChallenge. The SignedPublicKeyAndChallenge is Base64 encoded, and the ASCII data is finally submitted to the server as the value of a form name/value pair, where the name is name as specified by the name attribute of the keygen element. If no challenge string is provided, then it will be encoded as an IA5STRING of length zero.
Here is an example form submission as it would be delivered to a CGI program by the HTTP server:
commonname=john+doe&email=doe@foo.com&org=foobar+computing+corp.&orgunit=bureau+of+bureaucracy&locality=anytown&state=california&country=us&key=mihfmhewxdanbgkqhkig9w0baqefaanladbiakeanx0tiljromuue%2bptwbre6xfv%0awtkqbsshxk5zhcuwcwyvcniq9b82qhjdoacdd34rqfcaind46fxkqunb0mvkzqid%0aaqabfhfnb3ppbgxhsxnneuzyawvuzdanbgkqhkig9w0baqqfaanbaakv2eex2n%2fs%0ar%2f7ijnrowlszsmttiqteb%2badwhgj9u1xruroilq%2fo2cuqxifzcnzkyakwp4dubqw%0ai0%2f%2frgbvmco%3d
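Server-side handling of the submitted value, as an added example (not code from the original page or from any browser): a minimal Python parser that splits a SignedPublicKeyAndChallenge into its fields and accepts it only if it carries the non-empty challenge the server issued. The function names and the sample value are constructed here; the signature is extracted but not verified, which would need a cryptographic library.

```python
import base64, hmac

def tlv(tag, body):
    """Encode one DER TLV; used only to build the constructed sample below."""
    n, k = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

def read_tlv(buf, pos, want):
    """Read one definite-length TLV at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError("unexpected tag")
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        if not 1 <= k <= 4 or pos + k > len(buf):
            raise ValueError("bad length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + n], pos + n

def parse_spkac(value):
    """Split a Base64 SignedPublicKeyAndChallenge into its fields (no signature check)."""
    der = base64.b64decode("".join(value.split()), validate=True)  # value may contain newlines
    outer, end = read_tlv(der, 0, 0x30)
    pkac, p = read_tlv(outer, 0, 0x30)       # PublicKeyAndChallenge
    sig_alg, p = read_tlv(outer, p, 0x30)    # signatureAlgorithm
    signature, p = read_tlv(outer, p, 0x03)  # signature BIT STRING
    spki, q = read_tlv(pkac, 0, 0x30)        # SubjectPublicKeyInfo
    challenge, q = read_tlv(pkac, q, 0x16)   # IA5String, zero length if none was set
    if end != len(der) or p != len(outer) or q != len(pkac):
        raise ValueError("trailing data")
    return {"spki": spki, "challenge": challenge.decode("ascii"),
            "sig_alg": sig_alg, "signature": signature}

def challenge_ok(value, issued):
    """True only if the submission carries the non-empty challenge this server issued."""
    try:
        got = parse_spkac(value)["challenge"]
    except ValueError:  # covers bad Base64, bad DER and non-ASCII challenge bytes
        return False
    return bool(issued) and hmac.compare_digest(got.encode(), issued.encode())

def make_sample(challenge):
    """Constructed sample: placeholder key and signature bytes, not a real key pair."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
    pkac = tlv(0x30, tlv(0x30, alg + tlv(0x03, b"\x00" * 65)) + tlv(0x16, challenge.encode()))
    return base64.encodebytes(tlv(0x30, pkac + alg + tlv(0x03, b"\x00" * 65))).decode()
```

A submission whose challenge is the zero-length IA5STRING described above is rejected, as is one with trailing bytes after the outer SEQUENCE.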
Examples
- Sample form with RSA KEYGEN element
- Sample form with DSA KEYGEN element and PQG Parameters
- Sample form with DSA KEYGEN element but no PQG Parameters
- Sample form with EC KEYGEN element
Specifications
| Specification | Status | Comment |
| HTML Living Standard | Living Standard | |
| HTML5 | Recommendation | |
Example
A form with a keygen field:
username: encryption:
Browser support
Firefox, Opera, Chrome and Safari 6 support the <keygen> tag.
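Tag definition and usage
The <keygen> tag specifies a key-pair generator field used for forms.
When the form is submitted, the private key is stored locally and the public key is sent to the server.
Differences between HTML 4.01 and HTML5
The <keygen> element is new in HTML5.
Attributes
New: new attribute in HTML5.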
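| Attribute | Value | Description |
| autofocus (New) | autofocus | Gives the field focus when the page loads. |
| challenge (New) | challenge | If used, sets the keygen value to be challenged when submitted. |
| disabled (New) | disabled | Disables the element's field. |
| form (New) | form_id | Specifies one or more forms the field belongs to. |
| keytype (New) | rsa, dsa, ec | Specifies the security algorithm of the key. |
| name (New) | name | Specifies a unique name for the element. The name attribute is used to collect the field's value when the form is submitted. |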
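Global attributes
The <keygen> tag supports the global attributes; see the full attribute table under HTML global attributes.
Event attributes
The <keygen> tag supports all HTML event attributes.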