Generate Key Pair Dialog Box

Name

The key name identifies the key in the user key database.

Type

Specifies the algorithm used for key generation.

Length

Specifies the key size. Up to a point, a larger key size improves security. Increasing key size slows down the initial connection, but has no effect on the speed of encryption or decryption of the data stream after a successful connection has been made. The length of key you should use depends on many factors, including: the key type, the lifetime of the key, the value of the data being protected, the resources available to a potential attacker, and the size of the symmetric key you use in conjunction with this asymmetric key. To ensure the best choice for your needs, we recommend that you contact your security officer.

RSA keys must be between 1024 and 4096 bits in 256-bit increments.

DSA keys must be between 512 and 1024 bits in 64-bit increments. (In FIPS mode, DSA keys must be 1024 bits.)

No passphrase

Select this option to create a key that is not protected by a passphrase.

CAUTION: To help ensure security, all user keys should be passphrase protected. If you don't specify a passphrase, the private key is stored in unencrypted form in the key store, and anyone who gains access to the key can authenticate using it. In standalone mode, keys are stored on the same computer as X Manager. In domain mode, keys in the Reflection X Advantage Store are stored in the database on the domain controller, and the administrator of that computer will be able to read these keys.

Passphrase

Enter a passphrase for this key. You will need to enter this passphrase when the key is used for authentication.

A passphrase is similar to a password, except it can be a phrase with a series of words, punctuation, numbers, white space, or any string of characters. Passphrases improve security by limiting access to secure objects, such as private keys and/or a key agent.

Verify

Retype the passphrase.