[whatwg] <keygen>

Martin Atkins mart at degeneration.co.uk
Tue Jan 6 11:51:54 PST 2009

Maciej Stachowiak wrote:
> In the case of Safari, we store the generated private key in the 
> Keychain, and sites using <keygen> typically respond with a signed 
> certificate, which is downloaded and automatically added to the 
> Keychain. Depending on the valid purposes of the key, users can then do 
> the following automatically:
> 1) Browse to SSL sites that require client-side certificates for 
> authentication, in Safari.

In case it's useful, an example of the above use-case is 
http://www.myopenid.com/ , which is an OpenID provider that can use SSL 
client certs for authentication. The client certs are initially issued 
using <keygen>.

I personally use it in Opera and Firefox, and they act in a similar way 
to what you describe for Safari.

More information about the whatwg mailing list