10

As of January 2013, what are the potential benefits and drawbacks of the HTML5 Keygen element?

makerofthings7
  • 50,488
  • 54
  • 253
  • 542

1 Answers1

12

Pros

  • It can improve security when authenticating (in addition to a multi-factor device)

  • If used as a "client certificate", it can make MITM attacks much more difficult

  • The Keygen tag is implemented across most non-IE browsers, making it very easy to implement

  • Works regardless of administrator permission. With IE Active X controls can be disabled and IE and browser settings can make key generation impossible on tightly controlled systems. In this situation the current Keygen in non-IE browsers is often the only error free method to generate and use Client certificates

Cons & Deficiencies

  • Certificates are not easily portable between systems (to some, this is a "pro")

  • The private key is not stored in a standard location

  • The UI is confusing and difficult to understand

  • Requires the user to select the appropriate key length from a list. Most users are not equipped to make this decision.

  • Poor user experience when the user is prompted to download the certificate. A better approach would have the key submission and certificate response integrated into the same control. (possible solution also this on S.O. )

  • <keygen> does not provide a mechanism for managing certificate expiry

  • No standard key length or hash implemented across browsers

  • Algorithm support is missing (RSA, DSA, ECC, etc)

  • Keysize selection should come from the form, not user selectable.

  • The signature is based on MD5 (which can be mitigated by a time based challenge)

  • Non-Exportable keygen flag is missing

  • Hardware protected keygen flag is missing

  • Password protection required is missing

  • The certificate is limited to RSA based applications

  • The HTML form could be modified locally and key generation security reduced accordingly

  • If enrolling to a Microsoft Certificate Server, the only supported CertType is "server" via DCOM API

  • The format used by is not standard and only provides a subset of already established protocols like PKCS10 , CMC , and CRMF . This prevents from supporting non-RSA based certificates, extensions for additional client information, and key escrow

  • Not supported in IE due to better support with CertEnroll and the issues described here

makerofthings7
  • 50,488
  • 54
  • 253
  • 542
  • do you know of a way to ensure or see that a generated private key doesn't leave my machine in such a process? – 0xC0000022L Feb 27 '15 at 15:52
  • @0xC0000022L Right now, the most interesting way to deploy certificates may be based on Microsoft CS, IF the web service enrollment can be used on multiple platforms... http://security.stackexchange.com/q/82657/396 – makerofthings7 Feb 27 '15 at 16:45