January 06, 2014

Adding Security for HTML5 Can Be Easier with Keygen Markup

Applications these days are under an ever-increasing need for security. Whether said apps are Web-based, mobile, or HTML5—which can be a little of both depending on how the issue is considered—making sure said apps can not only carry out desired functions but also protect users' data and privacy are very important. But getting proper security in place can be a bit of a difficult project, tending to rely on a public key or private key model. HTML5, meanwhile, looks to make the use of keys simpler and more effective thanks to what's called the “keygen” markup.

The keygen markup allows for a control that generates a public and private key pair, while also submitting the public key part of the duo. While the HTML5 specification for keygen markup says that there aren't permitted contents available for the control, it turns out there are several attributes that can be connected with the element. Among these include the challenge attribute, which can use string values for the challenge string, the autofocus attribute which can either be empty or have a value of “autofocus,” the disabled attribute which allows the keygen markup to represent a disabled control should the need arise, and several others besides.

While the keygen markup element is described as a kind of form element, it's also considered a void element, which means that it can't be a descendent on either a button or an a element, and it can't have an end tag (NewsAlert), either. This may confuse some users, since the keygen markup element boasts a start tag, but that, at last report, is simply the nature of the affair. Sample code for the keygen markup control is currently available, so those users who want to get in on the action can get started now.

We all want better security in apps. We've already seen Snapchat users get hacked on a grand scale recently, with around 4.6 million Snapchat users finding substantial amounts of personal data released to the public. While that hack was largely considered to have used vulnerabilities described as “theoretical” in nature, the hack was still accomplished, and this theoretical vulnerability left users quite actually exposed. No one wants to go through the endless hassles of trying to change a phone number or close a bank account or a credit card, so putting protections in place for users is just good business.

The keygen markup system may help put a more desirable level of security in place, allowing app developers to better market product lines by offering better security than competitors can. That's the kind of thing that might provide a real edge in the marketplace, and these days, businesses of any stripe need all the edge that can be had. While keygen markup may not work for every app, it's likely to bring quite a bit of help to at least some apps, and for those apps, it's help that will prove welcome in its own right.

Edited by Cassandra Tucker


HTML 5 Demos and Examples

HTML 5 experimentation and demos I've hacked together. Click on the browser support icon or the technology tag to filter the demos.... Learn More

HTML5 GAMES is the largest and most comprehensive directory of HTML5 games on the internet... Learn More

The HTML5 test

How well does your browser support HTML5?... Learn More

Working Draft (WHATWG)

This is the Editor’s Draft from WHATWG. You can use it online or print the available PDF version... Learn More

HTML5 Flip Book

Free jQuery and HTML5 flip book maker for PDF to online page turning book conversion... Learn More