Select the key pair type(s) and associated key pair size(s) from the pulldown menus. [Details]
Note that only RSA is supported for the audit_signing certificate at this point
Each certificate can have its own key pair generated with its own independent settings or common settings can be applied to all key pairs. At minimum, each key pair has to define what type it is by identifying a cipher family and then has to set a strength for that key.
Key Type. Sets the cipher family to use to generate the key pair. RSA and ECC key types have slightly different strength options.
RSA strength: Key Size. Sets the key length for the generated pair. The key length can be one of the lenghs listed below. Longer keys are stronger, which makes them more secure.
However, longer key pair sizes also increase the time required to perform operations such as signing certificates, so long keys can affect performance.
ECC strength: Curve Name. Sets the curve algorithm to use, which can be any one of the curves listed below. The curves that are included in parenthesis are equivalent - and either name can be used. Note that not all curves may be supported by the token.