Key Pair Generation

Key Pair Generation is the usage scenario in which a privileged user or signer generates a pair of signing keys and assigns them to a signer (e.g. to himself).

The starting point of this scenario is that a privileged user or signer initiates a request for user authentication at the SSSrv/UI, where the user authentication is performed via the IdP. Optionally, when the user is a privileged user, the signer whose attributes should be updated is selected. The request for generating a new key pair for a signer is then sent by the privileged user or signer to the SSSrv/UI and is passed along to the SAM. When the request is received, the SAM verifies that the requestor is authenticated and identified. If the authenticity and identity check is successful, the SAM generates the Signer's key pair: it requests the cryptographic module to generate a key pair. The cryptographic module generates the Wrapped Key based on the generated key pair, signs the Wrapped Key, generates a certificate request based on the generated key pair, signs the certificate request, and sends both the Wrapped Key and the certificate request back to the SAM, which then requests the storage of the Wrapped Key in the Key Manager and stores the signed certificate request in the KM. The user (a privileged user or signer) then receives the result of the request as a confirmation.
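The flow above, modelled from the SAM's side to show where the authentication gate sits relative to key generation and storage. This is an added example, not code from the system described; `Session`, `StubCryptoModule` and the `SAM` class layout are hypothetical, HMAC tags and random bytes stand in for real signatures and keys, and the rule that a non-privileged signer may only target its own identity is an assumption.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Session:
    """Result of IdP-backed authentication at the SSSrv/UI (assumed shape)."""
    user_id: str
    authenticated: bool
    privileged: bool = False


class StubCryptoModule:
    """Stand-in: HMAC tags replace signatures, random bytes replace keys."""
    def __init__(self):
        self._module_key = secrets.token_bytes(32)

    def sign(self, blob: bytes) -> bytes:
        return hmac.new(self._module_key, blob, hashlib.sha256).digest()

    def generate(self, signer_id: str):
        private = secrets.token_bytes(32)          # placeholder, never leaves the module
        public = hashlib.sha256(private).digest()  # placeholder public half
        wrapped = hashlib.sha256(self._module_key + private).digest()  # opaque Wrapped Key
        csr = signer_id.encode() + b"|" + public   # placeholder certificate request
        return (wrapped, self.sign(wrapped)), (csr, self.sign(csr))


class SAM:
    def __init__(self, crypto: StubCryptoModule):
        self.crypto = crypto
        self.key_manager = {}  # signer_id -> stored Wrapped Key and certificate request

    def generate_key_pair(self, session: Session, signer_id=None) -> str:
        if not session.authenticated:  # gate first: nothing is generated otherwise
            raise PermissionError("requestor is not authenticated")
        if session.privileged:
            if not signer_id:
                raise ValueError("privileged user must select a signer")
        elif signer_id not in (None, session.user_id):
            # Assumption: a plain signer may only target its own identity.
            raise PermissionError("signer may only request its own key pair")
        else:
            signer_id = session.user_id
        wrapped, csr = self.crypto.generate(signer_id)
        self.key_manager[signer_id] = {"wrapped_key": wrapped, "csr": csr}
        return "confirmed"
```

A rejected request raises before the cryptographic module is called, so no Wrapped Key or certificate request reaches the Key Manager for it.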