Clarification needed on key types generated by crypto key generate rsa

Waterbird
Level 1

It is my understanding that using "crypto key generate rsa" will generate two keys for use with SSH. One is a private key stored in NVRAM which cannot be accessed, and the other key is a public key.

I believe this command should generate one general purpose key, and no usage keys, because usage key is not specified in the command, and the default when the key type is not specified is general purpose key.

Therefore, I would expect the output of this command to simply show one public key of general purpose type when issuing the command 'show crypto key mypubkey rsa'.

However, two public keys are generated. One key says Usage: Encryption Key, and is named domainname.com.server, and the other key says Usage: General Purpose key and is named domainname.com.

Why are two public keys created with this command?

The command documentation (link below) says that the command should only create one key pair (and therefore one public key) when specifying general purpose keys, and should only create two public keys (two key pairs) when using usage keys.

Strangely, the output specifies that one of the keys is Usage: Encryption, which doesn't make sense to me.  The reason it does not make sense is because encryption is a sub-type of usage keys, and shouldn't be appearing here as I didn't specify usage keys. No usage key should have been created because I'm using the command default of general purpose keys. 

Secondly, if I am wrong about the default and it is generating a usage key, the documentation below says it should generate a signature key at the same time, which I don't see in the output.  Thirdly, the documentation says one command cannot generate both types of keys, so how do we get a general purpose key and an encryption key from running one command? 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-xe-3se-3850-cr-book/sec-a1-xe-3se-3850-cr-book_chapter_0110.pdf
