Generating a Key Pair

Key pairs are used by Crypto API to encrypt or sign data. There are two types of key pairs, and they must be created inside a key container. Please refer to Adding a Key Container.

The keyset owner can generate a key pair using the SafeNet ProtectToolkit-M keyset utility.

To generate a key pair

1.Launch the keyset management utility from the Start menu by selecting Start > Programs > SafeNet > ProtectToolkit M > gmksm.

2.Select the keyset container in which to generate a key pair.

3.Open the Container menu and choose Generate Key Pair.

4.The user is prompted to enter the keyset password. Correct password entry will display the generate key pair dialog.

5.The generate key pair dialog will prompt for the key usage and key size.

6.Choose Exchange or Sign depending on the required key pair usage.

7.Select a Key Size from the drop-down list.

8.Check the Exportable checkbox if you want to be able to back up this key pair.

9.Press OK to generate the key pair.

Key Usage

Key pairs generated using the keyset management utility have one of two usage attributes. These are:

>Exchange: This type of key pair is used to encrypt session keys for the user during normal SafeNet ProtectToolkit-M operation.

>Sign: This type of key pair is used to create digital signatures for the user during normal SafeNet ProtectToolkit-M operation.

Each user will generally require both types of keys within their particular keyset.

Key Size

Key size is an important consideration when using encryption as a security measure. When discussing key size, the value is given as a bit length, referring to how many digits are represented in the key value. As a general guideline, longer bit lengths produce longer keys and more secure encryption. However, larger key sizes slow the encryption process, due to the larger calculations involved.