Usage key triplet generation process

The usage key triplet generation requires the left and right master key passphrases, and thus the presence of the key holders. Two key holders for the two public subkeys of each usage key triplet are also required. The key holders can be the same persons.

Figure 1 illustrates the process.

Figure 1. Private triplet subkey generation process

The encrypted master key is read from file and decrypted, using the two master passphrases, in main memory only. From this decrypted master key, each usage key triplet is generated by encrypting the master key again with a new pair of passphrases.

The result of this process is the private triplet subkey, which must be stored in the key directory of the Safer Payments installation. Because the file system of the Safer Payments server host is a protected area, this provides an added level of security.

A good key generation practice is to generate a number of usage key triplets in advance and then use them when they are needed.

Important: Safer Payments can reconstruct the master key in main memory from each private triplet subkey, using the two public subkeys for decryption.
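The following is an added illustration of the flow described above (decrypt the master key in memory under the two master passphrases, re-encrypt it under a new passphrase pair to obtain the private triplet subkey, and later reconstruct the master key from that subkey with the two public subkeys). It is example code written for this page, not Safer Payments' own implementation: the product does not document its algorithms, so the PBKDF2 passphrase combination, the HMAC-SHA256 keystream, the encrypt-then-MAC blob layout and every function name below are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Hypothetical model of the documented process. All algorithm choices here are
# assumptions for illustration and are NOT the product's own key format.
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32
PBKDF2_ROUNDS = 100_000


def derive_wrapping_key(left: str, right: str, salt: bytes) -> bytes:
    """Combine the two key holders' passphrases into one 32-byte wrapping key.
    Both passphrases are required: changing either one changes the result."""
    material = left.encode("utf-8") + b"\x00" + right.encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", material, salt, PBKDF2_ROUNDS, dklen=32)


def _subkeys(wrapping_key: bytes) -> tuple[bytes, bytes]:
    """Split the wrapping key into separate encryption and MAC keys."""
    enc_key = hmac.new(wrapping_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(wrapping_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (stdlib only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def wrap(left: str, right: str, plaintext: bytes) -> bytes:
    """Encrypt plaintext under a passphrase pair. Blob: salt | nonce | tag | ciphertext."""
    salt = os.urandom(SALT_LEN)
    nonce = os.urandom(NONCE_LEN)
    enc_key, mac_key = _subkeys(derive_wrapping_key(left, right, salt))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + tag + ciphertext


def unwrap(left: str, right: str, blob: bytes) -> bytes:
    """Verify the tag, then decrypt. Raises ValueError on a wrong passphrase pair."""
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    tag = blob[SALT_LEN + NONCE_LEN:SALT_LEN + NONCE_LEN + TAG_LEN]
    ciphertext = blob[SALT_LEN + NONCE_LEN + TAG_LEN:]
    enc_key, mac_key = _subkeys(derive_wrapping_key(left, right, salt))
    expected = hmac.new(mac_key, salt + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase pair or corrupted key file")
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def encrypt_master_key(master_key: bytes, left_master: str, right_master: str) -> bytes:
    """Contents of the encrypted master key file, unlockable only by both master holders."""
    return wrap(left_master, right_master, master_key)


def generate_private_subkey(encrypted_master: bytes, left_master: str, right_master: str,
                            left_public: str, right_public: str) -> bytes:
    """Decrypt the master key in memory only and re-encrypt it under the new pair.
    The returned blob is the private triplet subkey to store in the key directory."""
    master_key = unwrap(left_master, right_master, encrypted_master)
    return wrap(left_public, right_public, master_key)


def reconstruct_master_key(private_subkey: bytes, left_public: str, right_public: str) -> bytes:
    """Rebuild the master key from one private subkey plus its two public subkeys."""
    return unwrap(left_public, right_public, private_subkey)


def passphrase_pair_is_valid(blob: bytes, left: str, right: str) -> bool:
    """True if the pair authenticates the blob; no plaintext leaves this function."""
    try:
        unwrap(left, right, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample values, not real key material.
    master = bytes(range(32))
    enc_master = encrypt_master_key(master, "left-master-pass", "right-master-pass")
    subkey = generate_private_subkey(enc_master, "left-master-pass", "right-master-pass",
                                     "left-public-pass", "right-public-pass")
    print(reconstruct_master_key(subkey, "left-public-pass", "right-public-pass") == master)
```

The design point worth noting is that the master key only ever exists in cleartext inside `generate_private_subkey` and `reconstruct_master_key`; what lands on disk is always a wrapped blob, and the authentication tag means a wrong or missing passphrase produces an error rather than silently decrypting to garbage.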