KEYGEN - generate key material

The KEYGEN tag facilitates the generation of key material and submission of the
public key as part of an HTML form. This mechanism is designed for
use in web-based certificate management systems. It displays a
menu of key-size choices from which the user must choose one.
Then, when the submit button is clicked, a key pair of the
selected size is generated. The private key is encrypted and
stored in the local key database.
The public key and challenge string are DER encoded as
PublicKeyAndChallenge and then digitally signed with the private
key to produce a SignedPublicKeyAndChallenge. The
SignedPublicKeyAndChallenge is base64 encoded, and the ASCII data
is finally submitted to the server as the value of a name-value
pair, where the name is specified by the NAME attribute of the

NAME specifies the name for the name/value pair.

CHALLENGE specifies the challenge string to be
packaged with the public key in the PublicKeyAndChallenge for use
in verification of the form submission. If no challenge string is
provided, then it is encoded as an IA5STRING of length zero.
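
The following added example (not part of the original documentation) shows how a server could unpack the submitted value: it decodes the base64, walks the DER of the SignedPublicKeyAndChallenge, and checks the challenge it issued, including the zero-length case. The function names and the sample data are assumptions made for illustration, and the field order (PublicKeyAndChallenge, signature algorithm, signature bit string) follows the Netscape ASN.1 definition; verifying the signature over the returned `signed_bytes` with the key in `spki` is left to a cryptographic library.

```python
import base64
import hmac

def read_tlv(buf, pos, tag):
    """Read one DER TLV at pos; return (value, whole_tlv, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected tag or truncated data")
    length, body = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or body + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length, body = int.from_bytes(buf[body:body + n], "big"), body + n
    if body + length > len(buf):
        raise ValueError("length runs past end of data")
    return buf[body:body + length], buf[pos:body + length], body + length

def parse_spkac(b64_value, expected_challenge):
    """Unpack a submitted SPKAC value and check the challenge the server issued."""
    der = base64.b64decode("".join(b64_value.split()), validate=True)
    outer, _, end = read_tlv(der, 0, 0x30)             # SignedPublicKeyAndChallenge
    if end != len(der):
        raise ValueError("trailing bytes after SPKAC")
    pkac, signed_bytes, p = read_tlv(outer, 0, 0x30)   # PublicKeyAndChallenge
    _, sig_alg, p = read_tlv(outer, p, 0x30)           # signature AlgorithmIdentifier
    sig, _, p = read_tlv(outer, p, 0x03)               # signature BIT STRING
    _, spki, q = read_tlv(pkac, 0, 0x30)               # SubjectPublicKeyInfo
    challenge, _, q = read_tlv(pkac, q, 0x16)          # IA5String, may be empty
    if p != len(outer) or q != len(pkac):
        raise ValueError("unexpected extra fields")
    if not hmac.compare_digest(challenge, expected_challenge.encode("ascii")):
        raise ValueError("challenge does not match the one issued with the form")
    # signed_bytes is exactly what the signature covers: the DER of PublicKeyAndChallenge.
    return {"spki": spki, "signed_bytes": signed_bytes,
            "sig_alg": sig_alg, "signature": sig[1:]}  # drop unused-bits octet

def tlv(tag, value):
    """Tiny DER encoder, used only to build the constructed sample below."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_spkac(challenge):
    """Constructed sample: placeholder bytes stand in for a real key and signature."""
    spki = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00" + b"K" * 140))
    pkac = tlv(0x30, spki + tlv(0x16, challenge.encode("ascii")))
    signed = tlv(0x30, pkac + tlv(0x30, b"") + tlv(0x03, b"\x00" + b"S" * 128))
    return base64.b64encode(signed).decode("ascii")
```

A challenge that is unique per form and checked this way ties the submitted key to one issuance request, so a captured SignedPublicKeyAndChallenge cannot be replayed against a later form.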