Generating New Keys

Crescendo Manager allows you to generate new public-private key pairs with your tokens.

Note: The actions and options below depend on the token type and may not be available for your specific token.
Tip! Crescendo Manager allows you to generate a Secure Key Injection (SKI) Transport key for your token, enabling you to securely transfer secrets to your token.

To generate a new key pair with the selected token:

  1. Go to the Certificates view in the left navigation pane.

  2. Click the Generate link on the desired slot.

    Slots with the Generate links highlighted.

  3. The Generate Key, CSR or Certificate dialog opens, with the New key generation action and the specific slot already pre-selected.

    The Generate Key, CSR or Certificate dialog with the Select action and the Choose Key Slot fields highlighted.

    (An alternative to the Generate link is to click the Generate button in the top-right corner of the Certificates view and select New key from the Select action drop-down.)

    The Certificates view with the Generate button highlighted.The Generate Key, CSR or Certificate dialog with the Select action field highlighted.

  4. Key Type: Select the key pair type to generate. The key pair type determines the cryptographic algorithm and key length.

  5. Choose Key Slot: If necessary, you can select a different slot for generating the new key pair.

  6. Key Name: The key name is a human-readable string used to identify the key. Use the randomly generated value or overwrite it.

    Note:

    Knowing the key name is useful when you need to use the key directly, such as with the Cryptography Next Generation (CNG Cryptography Next Generation. A modern cryptographic API (Application Programming Interface) introduced by Microsoft as part of Windows to replace the older CryptoAPI. It provides a flexible and extensible framework for implementing cryptographic algorithms, key storage, and secure key management and supports a wide range of cryptographic operations, including encryption, decryption, hashing, and digital signatures.) application programming interface. See the simple PowerShell example below, which opens the key for further actions.

    Copy
    [System.Security.Cryptography.CngKey]::Open($keyname, [System.Security.Cryptography.CngProvider]::MicrosoftSmartCardKeyStorageProvider)
  7. Click the Generate button. The new key is now displayed in the respective slot tile.

  8. To copy the public key, click the tile. The private key cannot be accessed or retrieved.

Actions Available With an Existing Key

Once you have a key stored on your token, you can: