[Pki-users] Dogtag profile for encryption certificate with storing private key in DRM/KRA

Hi All, What I want is simple profile for requesting encryption(not sign) personal certificate that will private key be stored in KRA/DRM. I check existing profiles and found profile that name and description meet the goals I want to achieve. *CaEncUserCert.cfg* this profile was not visible I change that. I opened this profile in end user CA application *Certificate Profile - Manual User Encryption Certificates Enrollment * This certificate profile is for enrolling user encryption certificates with option to archive keys. *Certificate Request Input * - Certificate Request Type list ( pcks10 or crmf) - Certificate Request (text area for request) * Subject Name * -fields with info about user(propably should be same values that were in certificate request) *Requestor Information *- info about requestor How it's possible to store private key without even sending it to CA? can be private key enclosed into "Certificate Request"? If answer is no - as I think why there is a "option to archieve keys"? Marcin