Usage key triplet generation process
Usage key triplets are generated by the keygen program.
Generating a usage key triplet requires both the left and the right master key passphrase, and therefore the presence of both master key holders. Each usage key triplet additionally requires two key holders, one for each of its two public subkeys. These key holders can be the same persons.
Figure 1 illustrates the process.
The encrypted master key is read from file and decrypted, using the two master passphrases, in main memory only; the decrypted master key is never written to disk. From this decrypted master key, each usage key triplet is generated by encrypting the master key again with a new pair of passphrases.
The result of this process is the private triplet subkey, which must be stored in the key directory of the IBM® Safer Payments installation. The file system of the IBM Safer Payments server host is a protected area, which provides an added level of security.
A good key generation practice is to generate a number of usage key triplets in advance and then use them when they are needed.
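The following is an added, illustrative model of the re-encryption step described above; it is not the IBM Safer Payments keygen program or its file format, and the cipher construction (PBKDF2 over both passphrases for the wrapping key, an HMAC-SHA256 keystream with an encrypt-then-MAC tag) is an assumption chosen so the example runs with the Python standard library only. It shows the two points the process relies on: neither passphrase of a pair unwraps a key on its own, and the decrypted master key exists only inside the function that produces the usage key blob.

```python
import hashlib
import hmac
import secrets

SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32
KDF_ITERATIONS = 100_000  # assumption for the example; tune for the deployment


def _kek_from_passphrases(left: str, right: str, salt: bytes) -> bytes:
    """Derive one wrapping key from BOTH passphrases (split knowledge).

    Each passphrase is length-prefixed so that the pair ("ab", "c") and the
    pair ("a", "bc") do not collapse to the same key material.
    """
    material = b""
    for phrase in (left, right):
        encoded = phrase.encode("utf-8")
        material += len(encoded).to_bytes(4, "big") + encoded
    return hashlib.pbkdf2_hmac("sha256", material, salt, KDF_ITERATIONS, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a keystream (example construction)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap_key(plain_key: bytes, left: str, right: str) -> bytes:
    """Encrypt a key under a passphrase pair. Returns salt | nonce | ct | tag."""
    salt = secrets.token_bytes(SALT_LEN)
    nonce = secrets.token_bytes(NONCE_LEN)
    kek = _kek_from_passphrases(left, right, salt)
    k_enc = hmac.new(kek, b"enc", hashlib.sha256).digest()
    k_mac = hmac.new(kek, b"mac", hashlib.sha256).digest()
    ciphertext = bytes(a ^ b for a, b in zip(plain_key, _keystream(k_enc, nonce, len(plain_key))))
    tag = hmac.new(k_mac, salt + nonce + ciphertext, hashlib.sha256).digest()
    return salt + nonce + ciphertext + tag


def unwrap_key(blob: bytes, left: str, right: str) -> bytes:
    """Decrypt a wrapped key; raises ValueError if either passphrase is wrong."""
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext = blob[SALT_LEN + NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    kek = _kek_from_passphrases(left, right, salt)
    k_enc = hmac.new(kek, b"enc", hashlib.sha256).digest()
    k_mac = hmac.new(kek, b"mac", hashlib.sha256).digest()
    expected = hmac.new(k_mac, salt + nonce + ciphertext, hashlib.sha256).digest()
    # Check the tag before decrypting so a wrong passphrase or a corrupted
    # file yields an error instead of garbage key material.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase(s) or corrupted key file")
    return bytes(a ^ b for a, b in zip(ciphertext, _keystream(k_enc, nonce, len(ciphertext))))


def generate_usage_keys(master_blob: bytes, master_left: str, master_right: str,
                        usage_pairs: list) -> list:
    """Model of the keygen step: decrypt the master key in memory only, then
    re-encrypt it once per new passphrase pair. Only wrapped blobs leave this
    function; the plaintext master key is a local variable and nothing else."""
    master_key = unwrap_key(master_blob, master_left, master_right)
    return [wrap_key(master_key, left, right) for left, right in usage_pairs]


if __name__ == "__main__":
    # Constructed sample: a fresh 32-byte master key wrapped under two passphrases.
    master = secrets.token_bytes(32)
    master_blob = wrap_key(master, "left-holder-passphrase", "right-holder-passphrase")
    # Generate several usage keys in advance, as the text recommends.
    usage_blobs = generate_usage_keys(master_blob, "left-holder-passphrase",
                                      "right-holder-passphrase",
                                      [("u1-left", "u1-right"), ("u2-left", "u2-right")])
    print(len(usage_blobs), "usage key blobs generated")
```

Each returned blob can be written to the key directory as-is; what must never be written anywhere is the `master_key` local inside `generate_usage_keys`. A single passphrase, even one from the master pair, fails the tag check on a usage key blob, which is the split-knowledge property the two key holders per pair provide.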