What is Key Generation in Google Chrome?
I found this option in the privacy settings. What is Key Generation, for forms? There was not even help for this option in the Google online documents.
https://support.google.com/chrome/search?q=key+generation
Version 51.0.2704.103 m
From Alexandre Marcondes on Chrome Help Forum (link):
it seems that it may refer to this
<keygen>
tag on forms feature (which is deprecated by the way):
- developer.mozilla.org reference on keygen HTML element
- whatwg.org specs on forms/keygen element
- w3.org HTML 5 specs on forms/keygen element
The official Chrome docs say
Key generation: Some websites use keys when you fill out forms, including online purchases, for increased security and authentication.
so it probably does refer to <keygen>
.
First, some insight may be helpful:
When it mentions the word key it really means its talking about cryptography through (most likely) public key cryptography (also called asymmetric cryptography). Without going to deep, public key cryptography can be used to secure electronic communications over the internet. A form on the internet is something that can be submitted, or otherwise transmitted.
An example of a form being submitted would be when you press the "Place Order" button on Amazon. Posting this answer is considered a form being submitted (inspecting the page source show this!). However, it unlikely that SuperUser uses any kind of cryptography when I submitted this answer, since it doesn't contain sensitive information. Your Amazon order however contains information like a credit card number, your address, and other information that you probably wouldn't want to fall into the wrong hands during transmission.
To answer the question, key generation in forms is allowing the form to generate its own key based off a parameter and some other information likely stored on the server the website is hosted on. The reason Google defaults this option to "Do not allow any sites to use key generation in forms" is likely because of two things: From what I can gather, allowing the website to generate its own key is becoming deprecated, and because it is less secure.