Asymmetric procedures for encrypting or digitally signing messages require corresponding key pairs. Further information on asymmetric encryption algorithms can be found in the Script. In CrypTool, asymmetric key pairs can be generated in the Generation of asymmetric key pair dialog for the following methods:
RSA
DSA
Elliptic curves
CrypTool also offers two procedures, both based on elliptic curves, for creating signatures for documents. These are the following two signature algorithms:
ECSP-DSA (Elliptic Curve Signature Primitive – DSA variant) is a variant of DSA which makes use of the elliptic curve discrete logarithm problem but is otherwise very similar to DSA.
ECSP-NR (Elliptic Curve Signature Primitive – Nyberg-Rueppel variant) is a signature algorithm which is named after its inventors (Nyberg and Rueppel).
RSA and DSA key pairs are stored in the Personal Security Environment (PSE), an encrypted file, and access to the secret key is only possible with a PIN defined by the user. The public parameters of the elliptic curve key pair are stored in an unencrypted file, while the secret part is encrypted and, protected with a PIN, written to the corresponding PSE.
For all three methods – RSA, DSA and elliptic curves – every key pair must be given a separate PIN.
Every key pair generated and any additional relevant data are stored under a key identifier.