This service accepts an RSA or ECC private key token in either external or internal format, or an RSA or ECC public key token or trusted blocks and writes a new record to the PKDS. An application can create a null token in the PKDS by specifying a token length of zero. The key label must be unique.