HTML <keygen> Tag

This tag has now been removed from the HTML5 specification. Rather than remove this article altogether, I have decided to keep it here for reference.

The HTML <keygen> tag generates a cryptographic key pair in an HTML document.

The <keygen> tag can be used for generating signed certificates, which can be used to authenticate to services that use Transport Layer Security (TLS) and certificate authentication. When the <keygen> element's form is submitted, the private key is stored in the local keystore, and the public key is packaged and sent to the server.

The <keygen> element provides the user with a range of key size options. It may also provide a choice of where to generate the key, for example in a smart card or in software and stored on disk. In this case the user's browser would need to be configured to support cryptographic hardware.

Syntax

The <keygen> tag could typically be written as <keygen name="" challenge="" keytype=""> (no end tag), with relevant values applied to the name, challenge, and keytype attributes.

Like this:

Example

Here's an example of using the <keygen> tag to generate a cryptographic key pair.

Attributes

Attributes can be added to an HTML element to provide more information about how the element should appear or behave.

The <keygen> element accepts the following attributes.

AttributeDescription
autofocusAutomatically gives focus to this control when the page loads. This allows the user to start using the control without having to select it first. There must not be more than one element in the document with the autofocus attribute specified.

This is a boolean attribute. If the attribute is present, its value must either be the empty string or a value that is an ASCII case-insensitive match for the attribute's canonical name, with no leading or trailing whitespace (i.e. either autofocus or autofocus="autofocus").

Possible values:

  • [Empty string]
  • autofocus
challengeSpecifies whether or not the value of the keygen is be challenged when submitted.
disabledDisables the control. The control won't accept changes from the user. It also cannot receive focus and will be skipped when tabbing.

This is a boolean attribute. If the attribute is present, its value must either be the empty string or a value that is an ASCII case-insensitive match for the attribute's canonical name, with no leading or trailing whitespace (i.e. either disabled or disabled="disabled").

Possible values:

  • [Empty string]
  • disabled
formSpecifies the ID of a form to which this control belongs.

Possible values:

[The ID of a form element in the element's owner Document]

keytypeSpecifies a key type. For example, the value "RSA" specifies an RSA key.
nameAssigns a name to the input control.

Global Attributes

The following attributes are standard across all HTML elements. Therefore, you can use these attributes with the <keygen> tag , as well as with all other HTML tags.

For a full explanation of these attributes, see HTML 5 global attributes.

Event Handlers

Event handler content attributes enable you to invoke a script from within your HTML. The script is invoked when a certain "event" occurs. Each event handler content attribute deals with a different event.

Most event handler content attributes can be used on all HTML elements, but some event handlers have specific rules around when they can be used and which elements they are applicable to.

For more detail, see HTML event handler content attributes.