Key generation steps
Use the keygen program to generate master keys and usage key triplets.
Key generation is conducted outside of IBM® Safer Payments with the keygen tool.
The process involves the following steps:
- You must generate master keys.
- The master keys are stored in a safe place and are never used by the IBM Safer Payments software.
- The master keys are used to generate usage keys and an empty no-fly list.
- Only usage keys and the no-fly list are used by the IBM Safer Payments software.
- If you want to obtain a PA-DSS certification at a future date, keep in mind that any storage media that is used to store or distribute keys is in scope of PA-DSS requirement 2.5.2.
- When the storage media is no longer required, it must be securely wiped or destroyed. For more information, see Running a secure wipe tool.
- You must protect and store all keys securely.
Prerequisites
Use a separate PC that is not connected to the internet to generate keys. To avoid dedicating a complete PC to the occasional key generation process, you can use a PC that is started from an OS boot CD. The advantage is that no malware can have logged your data, even if the PC is only disconnected from the internet temporarily.
Note: You can use a 64-bit RHEL/CentOS OS.
Obtain key generator
The keygen program is provided as part of an IBM Safer Payments installation and is located in /usr/bin/keygen. Its integrity is checked when you download the installation image.
For more information, see Downloading the installation image.
Copy the contents to a portable memory location such as a memory card or USB stick.