Index: pki/base/ca/shared/profiles/ca/caEncECUserCert.cfg
===================================================================
--- pki/base/ca/shared/profiles/ca/caEncECUserCert.cfg (revision 2381)
+++ pki/base/ca/shared/profiles/ca/caEncECUserCert.cfg (working copy)
@@ -5,7 +5,7 @@
 name=Manual User Encryption ECC Certificates Enrollment
 auth.class_id=
 input.list=i1
-input.i1.class_id=keyGenInputImpl
+input.i1.class_id=encKeyGenInputImpl
 output.list=o1
 output.o1.class_id=certOutputImpl
 policyset.list=encryptionCertSet
Index: pki/base/ca/shared/conf/registry.cfg
===================================================================
--- pki/base/ca/shared/conf/registry.cfg (revision 2381)
+++ pki/base/ca/shared/conf/registry.cfg (working copy)
@@ -167,7 +167,7 @@
 profile.caUserCertEnrollImpl.class=com.netscape.cms.profile.common.UserCertCAEnrollProfile
 profile.caUserCertEnrollImpl.desc=Certificate Authority User Certificate Enrollment Profile
 profile.caUserCertEnrollImpl.name=User Certificate Enrollment Profile
-profileInput.ids=cmcCertReqInputImpl,certReqInputImpl,keyGenInputImpl,dualKeyGenInputImpl,subjectNameInputImpl,submitterInfoInputImpl,genericInputImpl,fileSigningInputImpl,imageInputImpl,subjectDNInputImpl,nsNKeyCertReqInputImpl,nsHKeyCertReqInputImpl,serialNumRenewInputImpl
+profileInput.ids=cmcCertReqInputImpl,certReqInputImpl,keyGenInputImpl,encKeyGenInputImpl,signKeyGenInputImpl,dualKeyGenInputImpl,subjectNameInputImpl,submitterInfoInputImpl,genericInputImpl,fileSigningInputImpl,imageInputImpl,subjectDNInputImpl,nsNKeyCertReqInputImpl,nsHKeyCertReqInputImpl,serialNumRenewInputImpl
 profileInput.fileSigningInputImpl.class=com.netscape.cms.profile.input.FileSigningInput
 profileInput.fileSigningInputImpl.desc=File Signing Input
 profileInput.fileSigningInputImpl.name=File Signing Input
@@ -189,6 +189,12 @@
 profileInput.dualKeyGenInputImpl.class=com.netscape.cms.profile.input.DualKeyGenInput
 profileInput.dualKeyGenInputImpl.desc=Dual Key Generation Input
 profileInput.dualKeyGenInputImpl.name=Dual Key Generation Input
+profileInput.signKeyGenInputImpl.class=com.netscape.cms.profile.input.SigningKeyGenInput
+profileInput.signKeyGenInputImpl.desc=Encryption Key Generation Input
+profileInput.signKeyGenInputImpl.name=Encryption Key Generation Input
+profileInput.encKeyGenInputImpl.class=com.netscape.cms.profile.input.EncryptionKeyGenInput
+profileInput.encKeyGenInputImpl.desc=Encryption Key Generation Input
+profileInput.encKeyGenInputImpl.name=Encryption Key Generation Input
 profileInput.keyGenInputImpl.class=com.netscape.cms.profile.input.KeyGenInput
 profileInput.keyGenInputImpl.desc=Key Generation Input
 profileInput.keyGenInputImpl.name=Key Generation Input
Index: pki/base/common/src/UserMessages_en.properties
===================================================================
--- pki/base/common/src/UserMessages_en.properties (revision 2381)
+++ pki/base/common/src/UserMessages_en.properties (working copy)
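Review bot: The `signKeyGenInputImpl` label lines added to registry.cfg carry the encryption text: `.desc` and `.name` both read "Encryption Key Generation Input" although the class is `SigningKeyGenInput`. As written, the signing and encryption inputs are registered under identical labels, so anyone choosing a profile input by name cannot tell them apart and may attach the wrong one to a signing or encryption profile. Change them to `profileInput.signKeyGenInputImpl.desc=Signing Key Generation Input` and `profileInput.signKeyGenInputImpl.name=Signing Key Generation Input`, which also matches the `CMS_PROFILE_INPUT_SIGN_KEY_GEN_*` messages this patch adds to UserMessages_en.properties.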
@@ -1039,6 +1039,10 @@
 CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT=Subject Name
 CMS_PROFILE_INPUT_KEY_GEN_NAME=Key Generation
 CMS_PROFILE_INPUT_KEY_GEN_TEXT=Key Generation
+CMS_PROFILE_INPUT_ENC_KEY_GEN_NAME=Encryption Key Generation
+CMS_PROFILE_INPUT_ENC_KEY_GEN_TEXT=Encryption Key Generation
+CMS_PROFILE_INPUT_SIGN_KEY_GEN_NAME=Signing Key Generation
+CMS_PROFILE_INPUT_SIGN_KEY_GEN_TEXT=Signing Key Generation
 CMS_PROFILE_INPUT_DUAL_KEY_NAME=Dual Key Generation
 CMS_PROFILE_INPUT_DUAL_KEY_TEXT=Dual Key Generation
 CMS_PROFILE_UPDATER_SUBSYSTEM_NAME=Updater for Subsystem Group
Index: pki/base/common/src/com/netscape/cms/profile/input/EncryptionKeyGenInput.java
===================================================================
--- pki/base/common/src/com/netscape/cms/profile/input/EncryptionKeyGenInput.java (revision 0)
+++ pki/base/common/src/com/netscape/cms/profile/input/EncryptionKeyGenInput.java (revision 0)
@@ -0,0 +1,187 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.input;
+
+
+import java.security.cert.*;
+import java.io.*;
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.apps.*;
+
+import org.mozilla.jss.asn1.*;
+import org.mozilla.jss.pkix.crmf.*;
+import org.mozilla.jss.pkix.cmc.*;
+import org.mozilla.jss.pkcs10.*;
+
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import netscape.security.pkcs.*;
+
+import com.netscape.cms.profile.common.*;
+
+
+/**
+ * This class implements the key generation input that
+ * populates parameters to the enrollment page for
+ * key generation.
+ *

+ *
+ * This input normally is used with user-based or
+ * non certificate request profile.
+ *

+ *
+ * @version $Revision: 1211 $, $Date: 2010-08-18 10:15:37 -0700 (Wed, 18 Aug 2010) $
+ */
+public class EncryptionKeyGenInput extends EnrollInput implements IProfileInput {
+
+ public static final String VAL_KEYGEN_REQUEST_TYPE =
+ EnrollProfile.CTX_CERT_REQUEST_TYPE;
+ public static final String VAL_KEYGEN_REQUEST =
+ EnrollProfile.CTX_CERT_REQUEST;
+
+ public EnrollProfile mEnrollProfile = null;
+
+ public EncryptionKeyGenInput() {
+ addValueName(VAL_KEYGEN_REQUEST_TYPE);
+ addValueName(VAL_KEYGEN_REQUEST);
+ }
+
+ /**
+ * Initializes this default policy.
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
+ super.init(profile, config);
+ mEnrollProfile = (EnrollProfile) profile;
+ }
+
+ /**
+ * Retrieves the localizable name of this policy.
+ */
+ public String getName(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_ENC_KEY_GEN_NAME");
+ }
+
+ /**
+ * Retrieves the localizable description of this policy.
+ */
+ public String getText(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_ENC_KEY_GEN_TEXT");
+ }
+
+ /**
+ * Populates the request with this policy default.
+ */
+ public void populate(IProfileContext ctx, IRequest request)
+ throws EProfileException {
+ String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE);
+ String keygen_request = ctx.get(VAL_KEYGEN_REQUEST);
+
+ X509CertInfo info =
+ request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+
+ if (keygen_request_type == null) {
+ CMS.debug("EncryptionKeyGenInput: populate - invalid cert request type " +
+ "");
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+ ""));
+ }
+ if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) {
+ PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
+
+ if (pkcs10 == null) {
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
+
+ mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
+ } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) {
+ DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request);
+
+ if (keygen == null) {
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
+
+ mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
+ } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) {
+ CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request);
+
+ if (msgs == null) {
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
+ for (int x = 0; x < msgs.length; x++) {
+ verifyPOP(getLocale(request), msgs[x]);
+ }
+ // This profile only handle the first request in CRMF
+ Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
+
+ mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request);
+ } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) {
+ TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), keygen_request);
+
+ if (msgs == null) {
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
+ // This profile only handle the first request in CRMF
+ Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
+
+ if (seqNum == null) {
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
+ }
+
+ mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
+ } else {
+ // error
+ CMS.debug("EncryptionKeyGenInput: populate - " +
+ "invalid cert request type " + keygen_request_type);
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+ keygen_request_type));
+ }
+ request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
+ }
+
+ /**
+ * Retrieves the descriptor of the given value
+ * parameter by name.
+ */
+ public IDescriptor getValueDescriptor(Locale locale, String name) {
+ if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) {
+ return new Descriptor(IDescriptor.ENC_KEYGEN_REQUEST_TYPE, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE"));
+ } else if (name.equals(VAL_KEYGEN_REQUEST)) {
+ return new Descriptor(IDescriptor.ENC_KEYGEN_REQUEST, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ"));
+ }
+ return null;
+ }
+}
Index: pki/base/common/src/com/netscape/cms/profile/input/SigningKeyGenInput.java
===================================================================
--- pki/base/common/src/com/netscape/cms/profile/input/SigningKeyGenInput.java (revision 0)
+++ pki/base/common/src/com/netscape/cms/profile/input/SigningKeyGenInput.java (revision 0)
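Review bot: In `EncryptionKeyGenInput.populate`, the CRMF branch dereferences `seqNum` without the null check that the CMC branch has, so a request with no `REQUEST_SEQ_NUM` ends in a NullPointerException rather than an `EProfileException`. Neither branch compares the index with `msgs.length` before `msgs[seqNum.intValue()]`, and the comment "only handle the first request in CRMF" does not match indexing by sequence number (in the CMC branch it also names the wrong format). Since `msgs` is parsed from the submitted request, both branches should reject a missing or out-of-range sequence number with the profile's own error; the CRMF branch is shown below and the CMC guard needs the same range test. The identical lines appear in `SigningKeyGenInput.populate` later in this patch.

```java
            // ... unchanged: parseCRMF, null check on msgs, verifyPOP loop ...
            // Index by the request's sequence number; reject a missing or out-of-range value.
            Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);

            if (seqNum == null || seqNum.intValue() < 0
                    || seqNum.intValue() >= msgs.length) {
                throw new EProfileException(
                        CMS.getUserMessage(getLocale(request),
                            "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
            }

            mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request);
```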
@@ -0,0 +1,187 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.input;
+
+
+import java.security.cert.*;
+import java.io.*;
+import java.util.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.apps.*;
+
+import org.mozilla.jss.asn1.*;
+import org.mozilla.jss.pkix.crmf.*;
+import org.mozilla.jss.pkix.cmc.*;
+import org.mozilla.jss.pkcs10.*;
+
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import netscape.security.pkcs.*;
+
+import com.netscape.cms.profile.common.*;
+
+
+/**
+ * This class implements the key generation input that
+ * populates parameters to the enrollment page for
+ * key generation.
+ *

+ *
+ * This input normally is used with user-based or
+ * non certificate request profile.
+ *

+ *
+ * @version $Revision: 1211 $, $Date: 2010-08-18 10:15:37 -0700 (Wed, 18 Aug 2010) $
+ */
+public class SigningKeyGenInput extends EnrollInput implements IProfileInput {
+
+ public static final String VAL_KEYGEN_REQUEST_TYPE =
+ EnrollProfile.CTX_CERT_REQUEST_TYPE;
+ public static final String VAL_KEYGEN_REQUEST =
+ EnrollProfile.CTX_CERT_REQUEST;
+
+ public EnrollProfile mEnrollProfile = null;
+
+ public SigningKeyGenInput() {
+ addValueName(VAL_KEYGEN_REQUEST_TYPE);
+ addValueName(VAL_KEYGEN_REQUEST);
+ }
+
+ /**
+ * Initializes this default policy.
+ */
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
+ super.init(profile, config);
+ mEnrollProfile = (EnrollProfile) profile;
+ }
+
+ /**
+ * Retrieves the localizable name of this policy.
+ */
+ public String getName(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SIGN_KEY_GEN_NAME");
+ }
+
+ /**
+ * Retrieves the localizable description of this policy.
+ */
+ public String getText(Locale locale) {
+ return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SIGN_KEY_GEN_TEXT");
+ }
+
+ /**
+ * Populates the request with this policy default.
+ */
+ public void populate(IProfileContext ctx, IRequest request)
+ throws EProfileException {
+ String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE);
+ String keygen_request = ctx.get(VAL_KEYGEN_REQUEST);
+
+ X509CertInfo info =
+ request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+
+ if (keygen_request_type == null) {
+ CMS.debug("SigningKeyGenInput: populate - invalid cert request type " +
+ "");
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+ ""));
+ }
+ if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) {
+ PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
+
+ if (pkcs10 == null) {
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
+
+ mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
+ } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) {
+ DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request);
+
+ if (keygen == null) {
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
+
+ mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
+ } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) {
+ CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request);
+
+ if (msgs == null) {
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
+ for (int x = 0; x < msgs.length; x++) {
+ verifyPOP(getLocale(request), msgs[x]);
+ }
+ // This profile only handle the first request in CRMF
+ Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
+
+ mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request);
+ } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) {
+ TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), keygen_request);
+
+ if (msgs == null) {
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ }
+ // This profile only handle the first request in CRMF
+ Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
+
+ if (seqNum == null) {
+ throw new EProfileException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
+ }
+
+ mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
+ } else {
+ // error
+ CMS.debug("SigningKeyGenInput: populate - " +
+ "invalid cert request type " + keygen_request_type);
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+ keygen_request_type));
+ }
+ request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
+ }
+
+ /**
+ * Retrieves the descriptor of the given value
+ * parameter by name.
+ */
+ public IDescriptor getValueDescriptor(Locale locale, String name) {
+ if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) {
+ return new Descriptor(IDescriptor.SIGN_KEYGEN_REQUEST_TYPE, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE"));
+ } else if (name.equals(VAL_KEYGEN_REQUEST)) {
+ return new Descriptor(IDescriptor.SIGN_KEYGEN_REQUEST, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ"));
+ }
+ return null;
+ }
+}
Index: pki/base/common/src/com/netscape/certsrv/property/IDescriptor.java
===================================================================
--- pki/base/common/src/com/netscape/certsrv/property/IDescriptor.java (revision 2381)
+++ pki/base/common/src/com/netscape/certsrv/property/IDescriptor.java (working copy)
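Review bot: `SigningKeyGenInput` is a line-for-line copy of `EncryptionKeyGenInput`; only the class name, the debug prefix, the two `CMS_PROFILE_INPUT_SIGN_KEY_GEN_*` keys and the two `IDescriptor.SIGN_KEYGEN_*` constants differ. The request parsing and proof-of-possession path in `populate` is therefore maintained twice within this patch, and a fix applied to one copy can be missed in the other; moving `populate` into a shared base class and leaving `getName`, `getText` and `getValueDescriptor` to the subclasses would avoid that. The copied Javadoc also needs correcting, since the class comment never says this is the signing-key input and the method comments call the input a "policy". Nothing visible in `populate` distinguishes a signing key from an encryption key, so a class comment such as `Signing-key variant of the key generation input; it differs only in the descriptor syntax it advertises and does not itself check key usage.` would stop readers assuming the check happens here.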
@@ -39,6 +39,10 @@
 public static String STRING_LIST = "string_list";
 public static String KEYGEN_REQUEST = "keygen_request";
 public static String KEYGEN_REQUEST_TYPE = "keygen_request_type";
+ public static String ENC_KEYGEN_REQUEST = "enc_keygen_request";
+ public static String ENC_KEYGEN_REQUEST_TYPE = "enc_keygen_request_type";
+ public static String SIGN_KEYGEN_REQUEST = "sign_keygen_request";
+ public static String SIGN_KEYGEN_REQUEST_TYPE = "sign_keygen_request_type";
 public static String DUAL_KEYGEN_REQUEST = "dual_keygen_request";
 public static String DUAL_KEYGEN_REQUEST_TYPE = "dual_keygen_request_type";
 public static String CERT_REQUEST = "cert_request";
Index: pki/redhat/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template
===================================================================
--- pki/redhat/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template (revision 15995)
+++ pki/redhat/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template (working copy)
@@ -36,6 +36,8 @@