Crypto Token Generate Key Page

Provide the name of the new key to generate.

Algorithm for the key to generate. The key can be generated as type asymmetric (key-pair) or symmetric (secret key), and either key type is determined by the key algorithm specified.

For example, if RSA is specified as Key Algorithm, an asymmetric key (key-pair) is generated, and specifying AES generates a symmetric key (secret key).

By default, key algorithms can be selected from a drop-down list with the common options (RSA, DSA, ECDSA, and AES).

To manually specify another value, click >.

Examples of valid values:

• RSA
• ECDSA
• AES

If generating a symmetric (secret) key and the specified key algorithm name is not present in the predefined list of known secret key algorithms, the key algorithm name must be specified with the prefix "SEC:", for example: SEC:Blowfish. Currently, the secret key list contains the algorithms AES and DES.

If using the P11NGCryptoToken, the algorithm name can be specified as a long or hexadecimal constant value. For more information, see Secret Key generation in P11NGCryptoToken.

Key specifications for the key to generate.

By default, the key specification can be selected from a drop-down list with common values, depending on the key algorithm selected.

To manually specify another value, click >.

Note that some key specifications presented might not be supported by the crypto token being used.

For RSA and DSA, this is the key length and is specified as a number. Additionally, for RSA it is possible to use a different exponent by suffixing the number with "exp" followed by the exponent in decimal or prefixed with "0x" for hexadecimal. The default value for the exponent is 65537.

For ECDSA, use the name of the curve.

Examples:

• 2048
• 2048 exp 0x10001
• secp256r1
• 128
• 168
• 64