This page is used to configure the settings for certificates that will be generated in Go>Sign Desktop.

The configuration items are as follows:

Items

Description

Key Algorithm

Specify the Key Algorithm that will be used to generate the key pair from Go>Sign Desktop.

  • RSA
  • ECDSA
  • DILITHIUM


Note: Keep the following points in mind when using the DILITHIUM key algorithm:

  • Keys generated using the PQC algorithm, i.e. Dilithium, are created solely in software and not via HSMs.
  • The Dilithium algorithm will only be used for document signing purposes.
  • The following signature types are supported for DILITHIUM:
    • PKCS1
    • CMS
    • CAdES Baseline (Only if CA key is RSA/EC)
    • CAdES Extended (Only if CA key is RSA/EC)
  • The DILITHIUM key algorithm will only be available to the user when the Keystore Settings are set to 'Roaming Key' for the Go>Sign Profile.

For PQC, the Bouncy Castle and IAIK libraries use different OIDs. Consequently, signatures generated using Go>Sign Desktop will not be verified by the verification service.

Bouncy Castle

OID_DILITHIUM2 = "1.3.6.1.4.1.2.267.12.4.4";
OID_DILITHIUM3 = "1.3.6.1.4.1.2.267.12.6.5";
OID_DILITHIUM5 = "1.3.6.1.4.1.2.267.12.8.7";

IAIK

OID_DILITHIUM2 = "1.3.6.1.4.1.2.267.7.4.4";
OID_DILITHIUM3 = "1.3.6.1.4.1.2.267.7.6.5";
OID_DILITHIUM5 = "1.3.6.1.4.1.2.267.7.8.7";
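The OID mismatch listed above can be checked directly on the algorithm identifier carried in a signature. The following is an added example, not Go>Sign or vendor code: it DER-decodes an OID and looks it up in the two tables from this page. The function names and the sample bytes are constructed for illustration.

```python
# Added example, not vendor code. OID tables are copied from this page.
TABLES = {
    "Bouncy Castle": {"1.3.6.1.4.1.2.267.12.4.4": 2, "1.3.6.1.4.1.2.267.12.6.5": 3,
                      "1.3.6.1.4.1.2.267.12.8.7": 5},
    "IAIK": {"1.3.6.1.4.1.2.267.7.4.4": 2, "1.3.6.1.4.1.2.267.7.6.5": 3,
             "1.3.6.1.4.1.2.267.7.8.7": 5},
}

def encode_oid(dotted):
    """DER-encode a dotted OID (tag 0x06, short-form length, body under 128 bytes)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray()
    for value in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [value & 0x7F]                    # last base-128 digit, no continuation bit
        while (value := value >> 7):
            chunk.append(0x80 | (value & 0x7F))   # earlier digits carry the continuation bit
        body.extend(reversed(chunk))
    return bytes([0x06, len(body)]) + bytes(body)

def decode_oid(der):
    """Decode a short-form DER OBJECT IDENTIFIER into dotted notation."""
    if (not 3 <= len(der) <= 129 or der[0] != 0x06
            or der[1] != len(der) - 2 or der[-1] & 0x80):
        raise ValueError("not a well-formed DER OID")
    values, acc = [], 0
    for byte in der[2:]:
        acc = (acc << 7) | (byte & 0x7F)
        if not byte & 0x80:                       # continuation bit clear: arc complete
            values.append(acc)
            acc = 0
    first = min(values[0] // 40, 2)               # first two arcs share one encoded value
    return ".".join(str(v) for v in [first, values[0] - 40 * first] + values[1:])

def classify(der):
    """Return (library, security level) for the table holding this OID, else None."""
    dotted = decode_oid(der)
    for library, table in TABLES.items():
        if dotted in table:
            return library, table[dotted]
    return None

def verifier_recognises(der, verifier_library):
    """True only when the verifier library's own table contains the signer's OID."""
    return decode_oid(der) in TABLES[verifier_library]

# Constructed sample: the level-3 OID from the Bouncy Castle list, DER-encoded.
SAMPLE = encode_oid("1.3.6.1.4.1.2.267.12.6.5")

if __name__ == "__main__":
    print(SAMPLE.hex(), classify(SAMPLE),
          {lib: verifier_recognises(SAMPLE, lib) for lib in TABLES})
```

The two families differ only in one arc (12 versus 7), so a lookup keyed on the full OID in one library's table returns nothing for an identifier produced with the other.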

Currently the PQC algorithm (Dilithium) is only for proof of concept (POC).

Key Length

Specify the Key Length for the algorithm selected above.

  • The choices for RSA keys are:
    • 1024
    • 2048
    • 3072
    • 4096
  • The choices for ECDSA keys are: 
    • 192
    • 224
    • 256
    • 384
    • 521

Security Level

The Security Level drop-down will be available when Dilithium is selected in the 'Key Algorithm' field. This drop-down allows the user to choose the security level for the selected key algorithm. The security levels for Dilithium are defined below:

  • 2
  • 3
  • 5


Clicking the Next button will display the Key Store Settings page.

See also

Key Store Settings