New Key Alias

Provide the name of the new key to generate.

Key Algorithm

Algorithm for the key to generate. The key can be generated as type asymmetric (key-pair) or symmetric (secret key), and either key type is determined by the key algorithm specified.

For example, if RSA is specified as Key Algorithm, an asymmetric key (key-pair) is generated, and specifying AES generates a symmetric key (secret key).

By default, key algorithms can be selected from a drop-down list with the common options (RSA, DSA, ECDSA, and AES).

To manually specify another value, click >.

Examples of valid values:

• RSA

• ECDSA

• AES

If generating a symmetric (secret) key and the specified key algorithm name is not present in the predefined list of known secret key algorithms, the key algorithm name must be specified with the prefix "SEC:", for example: SEC:Blowfish. Currently, the secret key list contains the algorithms AES and DES.

If using the JackNJI11CryptoToken, the algorithm name can be specified as a long or hexadecimal constant value. For more information, see Secret Key generation in JackNJI11CryptoToken.

Key Specification

Key specifications for the key to generate.

By default, the key specification can be selected from a drop-down list with common values, depending on the key algorithm selected.

To manually specify another value, click >.

Note that some key specifications presented might not be supported by the crypto token being used.

For RSA and DSA, this is the key length and is specified as a number. Additionally, for RSA it is possible to use a different exponent by suffixing the number with an "e" followed by the exponent in decimal or prefixed with "0x" for hexadecimal.

For ECDSA, use the name of the curve.

Examples:

• 2048

• 2048 exp 0x10001

• secp256r1

• 128

• 168

• 64

Click the + (plus) button to supply information for an additional key to be generated at the same time.

Click the - (minus) button to remove the row.