Master key generation process
Figure 1 shows the computational actions that are involved in master key generation.
The master key that Safer Payments uses to encrypt and decrypt data is generated from two sets of at least 80 random characters that are hashed with MD5, creating a 256-bit root key. Each of the two sets is generated by combining at least 40 random keystrokes from a user with 40 machine-generated random characters. This master key is never stored or made accessible to users. Instead, the master key is encrypted with the AES-256 algorithm by using the two passphrases of the key holders.
The encrypted master key is stored in a safe place and is used, together with the passphrases of the key holders, to create the usage key triplets. The usage key triplets are the only keys that are used during Safer Payments operations.
This is also the reason why the key generator is provided as a separate utility program rather than as part of Safer Payments. The master key must never be stored on the Safer Payments server host, not even in its encrypted form. Use a different computer to create the encrypted master key, store it in a safe place, and generate usage key triplets whenever needed.
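The root key derivation described above can be sketched as follows. This is an added example, not code from Safer Payments or its key generator utility. The character alphabet, the order in which keystrokes and machine characters are joined, and the concatenation of the two 128-bit MD5 digests into one 256-bit value are assumptions; the AES-256 wrapping step is not shown.

```python
import hashlib
import secrets
import string

MIN_USER = 40      # keystrokes typed by a key holder (figure from the text)
MACHINE_LEN = 40   # machine-generated characters per set (figure from the text)
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # assumption


def make_set(keystrokes, machine=None):
    """Build one set of at least 80 characters: keystrokes plus machine randomness."""
    if len(keystrokes) < MIN_USER:
        raise ValueError(f"need at least {MIN_USER} keystrokes, got {len(keystrokes)}")
    if machine is None:
        # secrets draws from the OS CSPRNG; the random module is not suitable here.
        machine = "".join(secrets.choice(ALPHABET) for _ in range(MACHINE_LEN))
    if len(machine) != MACHINE_LEN:
        raise ValueError(f"machine part must be exactly {MACHINE_LEN} characters")
    return keystrokes + machine  # assumption: plain concatenation


def root_key(set_a, set_b):
    """Hash each set with MD5 (128 bits) and join the digests into a 256-bit key."""
    if set_a == set_b:
        raise ValueError("the two sets must be generated independently")
    digest_a = hashlib.md5(set_a.encode("utf-8")).digest()
    digest_b = hashlib.md5(set_b.encode("utf-8")).digest()
    return digest_a + digest_b  # assumption: digest A followed by digest B


if __name__ == "__main__":
    # Constructed sample keystrokes; a real key ceremony takes them from a person.
    first = make_set("k3!jf9" * 7)
    second = make_set("Zq8#pL" * 7)
    key = root_key(first, second)
    # Report only the length; key material should never be printed or logged.
    print(f"generated a {len(key) * 8}-bit root key")
```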