As of January 2013, what are the potential benefits and drawbacks of the HTML5 Keygen element?
1 Answer
Pros
It can improve security when authenticating (in addition to a multi-factor device)
If used as a "client certificate", it can make MITM attacks much more difficult
The Keygen tag is implemented across most non-IE browsers, making it very easy to implement
Works regardless of administrator permission. With IE, ActiveX controls can be disabled, and IE and browser settings can make key generation impossible on tightly controlled systems. In this situation the current Keygen in non-IE browsers is often the only error-free method to generate and use client certificates
Cons & Deficiencies
Certificates are not easily portable between systems (to some, this is a "pro")
The private key is not stored in a standard location
The UI is confusing and difficult to understand
Requires the user to select the appropriate key length from a list. Most users are not equipped to make this decision.
Poor user experience when the user is prompted to download the certificate. A better approach would have the key submission and certificate response integrated into the same control. (possible solution also this on S.O.)
<keygen> does not provide a mechanism for managing certificate expiry
No standard key length or hash implemented across browsers
Algorithm support is missing (RSA, DSA, ECC, etc)
Key size selection should come from the form, not be user-selectable.
The signature is based on MD5 (which can be mitigated by a time based challenge)
Non-Exportable keygen flag is missing
Hardware protected keygen flag is missing
Password protection required is missing
The certificate is limited to RSA based applications
The HTML form could be modified locally and key generation security reduced accordingly
If enrolling to a Microsoft Certificate Server, the only supported CertType is "server" via DCOM API
The format used by <keygen> is not standard and only provides a subset of already established protocols like PKCS10, CMC, and CRMF. This prevents <keygen> from supporting non-RSA based certificates, extensions for additional client information, and key escrow
Not supported in IE due to better support with CertEnroll and the issues described here
- do you know of a way to ensure or see that a generated private key doesn't leave my machine in such a process? – 0xC0000022L Feb 27 '15 at 15:52
- @0xC0000022L Right now, the most interesting way to deploy certificates may be based on Microsoft CS, IF the web service enrollment can be used on multiple platforms... http://security.stackexchange.com/q/82657/396 – makerofthings7 Feb 27 '15 at 16:45
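The answer above makes two points a server has to act on: the MD5-based signature can be mitigated by a time-based challenge, and a locally modified form can reduce key generation security. As an added example (not code from the answer, the commenters, or any project), the Python below shows the server side of a keygen enrolment: it issues an HMAC-bound challenge for the form, decodes the SignedPublicKeyAndChallenge (SPKAC) DER that the browser posts, checks that the challenge is the server's own and still fresh, and rejects RSA moduli below the site's minimum. The secret, TTL, minimum key size and sample moduli are constructed assumptions; the sample key is a placeholder integer with the right bit length rather than a real RSA key, and verification of the md5WithRSA signature itself is left to a proper crypto library.

```python
"""Server-side validation of a <keygen> SPKAC submission (added example).

Assumptions (not from the original answer): the form's challenge is the
server-issued, HMAC-bound string from make_challenge(); the RSA key in the
sample SPKAC is a constructed placeholder, not a real key; and the
md5WithRSA signature is verified separately with a crypto library.
"""
import base64
import hashlib
import hmac
import time

SERVER_SECRET = b"constructed-per-deployment-secret"   # assumption
CHALLENGE_TTL = 300          # seconds a challenge stays valid (assumption)
MIN_RSA_BITS = 2048          # policy: reject keys weakened by an edited form

OID_RSA = bytes.fromhex("2a864886f70d010101")          # rsaEncryption
OID_MD5_RSA = bytes.fromhex("2a864886f70d010104")      # md5WithRSAEncryption


def make_challenge(now=None):
    """Stateless time-bound challenge '<ts>.<hmac>' to embed in the form."""
    ts = str(int(time.time() if now is None else now))
    mac = hmac.new(SERVER_SECRET, ts.encode(), hashlib.sha256).hexdigest()[:32]
    return ts + "." + mac


def challenge_is_fresh(challenge, now=None):
    """True only if this server issued the challenge within CHALLENGE_TTL."""
    ts, _, mac = challenge.partition(".")
    if not ts.isdigit():
        return False
    want = hmac.new(SERVER_SECRET, ts.encode(), hashlib.sha256).hexdigest()[:32]
    if not hmac.compare_digest(mac, want):
        return False
    age = (time.time() if now is None else now) - int(ts)
    return 0 <= age <= CHALLENGE_TTL


# ---- minimal DER helpers, enough for the SPKAC structure ----
def der(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body


def der_int(v):
    # extra leading byte keeps the INTEGER positive when the high bit is set
    return der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))


def der_read(buf, pos=0):
    """Return (tag, body, next_pos) for the TLV starting at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n


def der_children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, b, pos = der_read(body, pos)
        out.append((tag, b))
    return out


def build_spkac(n, e, challenge, signature=b"\x00" * 8):
    """Encode SignedPublicKeyAndChallenge the way <keygen> submits it (base64 DER).
    Used here only to construct sample input; the signature is a placeholder."""
    rsa_key = der(0x30, der_int(n) + der_int(e))
    alg_rsa = der(0x30, der(0x06, OID_RSA) + der(0x05, b""))
    spki = der(0x30, alg_rsa + der(0x03, b"\x00" + rsa_key))
    pkac = der(0x30, spki + der(0x16, challenge.encode("ascii")))
    sig_alg = der(0x30, der(0x06, OID_MD5_RSA) + der(0x05, b""))
    blob = der(0x30, pkac + sig_alg + der(0x03, b"\x00" + signature))
    return base64.b64encode(blob).decode()


def parse_spkac(b64):
    """Return (modulus_bits, challenge); raise ValueError on a malformed blob."""
    tag, top, _ = der_read(base64.b64decode(b64))
    if tag != 0x30:
        raise ValueError("SPKAC is not a SEQUENCE")
    (_, pkac), (_, sig_alg), _ = der_children(top)
    (_, spki), (ctag, chal) = der_children(pkac)
    if ctag != 0x16:
        raise ValueError("challenge is not an IA5String")
    (_, alg), (_, pubkey) = der_children(spki)
    if der_children(alg)[0][1] != OID_RSA or der_children(sig_alg)[0][1] != OID_MD5_RSA:
        raise ValueError("unexpected algorithm identifiers")
    (_, n_bytes), _ = der_children(der_read(pubkey, 1)[1])   # skip unused-bits byte
    return int.from_bytes(n_bytes, "big").bit_length(), chal.decode("ascii")


def validate_spkac(b64, now=None):
    """Accept only if the challenge is ours and fresh and the key meets policy."""
    try:
        bits, chal = parse_spkac(b64)
    except (ValueError, IndexError):
        return "malformed"
    if not challenge_is_fresh(chal, now):
        return "stale or forged challenge"
    if bits < MIN_RSA_BITS:
        return "key too small (%d bits)" % bits
    return "ok"


if __name__ == "__main__":
    chal = make_challenge()
    print(validate_spkac(build_spkac((1 << 2047) | 0x10001, 65537, chal)))   # ok
    print(validate_spkac(build_spkac((1 << 511) | 1, 65537, chal)))          # key too small
```

Because the challenge carries its own timestamp and HMAC, the server needs no session state to decide whether a submission is a replay of an old form, and checking the modulus length on the server rather than trusting the form's keytype list is what closes the "form modified locally" weakness.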