Dialog Generation of an Asymmetric Key Pair
This dialog is accessed by selecting the menu item
Digital Signatures/PKI \ PKI \ Key Generation/Import.
This dialog is used to specify the parameters to be used to
generate an asymmetric key pair. Asymmetric key
pairs can be generated for the following cryptosystems:
Elliptic curves and DSA keys can only be used in CrypTool to sign
messages. RSA keys can be used in CrypTool to sign, encrypt
and decrypt data.

The dialog is divided into five areas (the lower three areas are only active
when elliptic curve keys are generated):
- Choice of algorithm:
For RSA and DSA keys, the length of
the key must be specified (in bits). The RSA modulus n (n is the
product of two approximately equal-sized prime numbers) must be between 301 and
8192 bits long. Every integer in between is valid and is accepted if
entered. Bit lengths 512, 768, 1024 and 2048 are already pre-defined and can be
selected with the mouse.
The DSA prime number p, which essentially determines the DSA key,
must be between 301 and 8192 bits long; in addition, its length must be
divisible by 64. The bit lengths 512, 768, 1024 and 2048 are already
pre-defined and can be selected with the mouse.
For elliptic curves, seven options are
provided. The curves are selected by choosing among a set of "parameter
identifiers" (also known as "curve identifiers"). Every parameter identifier is
of the form primeXXXvY, where XXX stands for the bit length of prime number p
and Y distinguishes different curves for which p has the same bit length. (The
elliptic curve is defined over Z[p]. See also the Elliptic Curves
script, section entitled Elliptic Curves in Cryptography.)
- User information:
There are fields in which to enter user-relevant data by means of which it is
possible to distinguish the different keys.
Entries in the fields Last name, First name, PIN and
PIN verification are mandatory. An entry in Key identifier is
optional and enables you to create several keys under your own name. When
entering the last name, first name and key identifier, no special characters
(for example, \ / : * ? " < > | ) may be used; if they are, an
appropriate error message will be displayed.
- Domain parameters:
In the Domain Parameter box at the bottom of the window, the parameters
for the currently selected curve identifier are displayed. The Elliptic Curves
script, section entitled Elliptic Curves in Cryptography, explains what
is meant by domain parameters.
- Base for presentation of numbers:
The choices available are octal, decimal and hexadecimal (see
ASCII Table).
- Display generated key pair:
This field allows you to decide whether you wish to see the key
pair generated for elliptic curves or
not. If you choose to have the key pair displayed, a new dialog,
Display public and private key for elliptic curves, is opened. Here you
can continue generating pseudorandom numbers until one of the key pairs
generated "pleases you" and you are happy to keep it.
Every key pair generated and any additional relevant data are stored under a key
identifier.
Generated RSA and DSA keys can be exported to a file in PKCS #12 format using the
Available asymmetric key pairs dialog. You can use the PKCS #12 import
button in this dialog to re-import those keys. Please note that there are some
restrictions regarding PKCS #12 import.