Usage key triplet generation process

Usage key triplets are generated by the keygen program.

Generating usage key triplets requires the left and right master key passphrases, and thus the presence of the master key holders. Two further key holders, one for each of the two public subkeys of each usage key triplet, are also required. These key holders can be the same persons as the master key holders.

Figure 1 illustrates the process.

Figure 1. Private triplet subkey generation process

The encrypted master key is read from its file and, using the two master passphrases, decrypted in main memory only; it never exists on disk in decrypted form. From this in-memory copy, each usage key triplet is generated by encrypting the master key with a new pair of passphrases.

The result of this process is the private triplet subkey, which must be stored in the key directory of the IBM® Safer Payments installation. The file system of the IBM Safer Payments server host is a protected area, which provides an added level of security.

A good key generation practice is to generate a number of usage key triplets in advance and then use them when they are needed.

Important: IBM Safer Payments can reconstruct the master key in main memory from each private triplet subkey by using the two public subkeys for decryption.
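The following added example models the two steps the page describes: the master key is unsealed from its file only in memory, then re-sealed under a freshly generated passphrase pair to produce a private triplet subkey, and the master key is later reconstructed from that subkey with the two public subkeys. It is illustrative code written for this page, not IBM Safer Payments' code, file format or algorithm; the choice of PBKDF2 for passphrase derivation, the way the two passphrases are combined, and the HMAC-SHA256 counter-mode encrypt-then-MAC construction (used so the example runs with the standard library alone) are all assumptions.

```python
"""Model of the usage key triplet lifecycle (illustrative; not the product's format)."""
import hashlib
import hmac
import os
import secrets

PBKDF2_ITERATIONS = 200_000  # assumption: the product's KDF and cost are not documented here
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(pass_left, pass_right, salt):
    """Derive an encryption key and a MAC key from BOTH passphrases.
    The passphrases are joined with a separator so that each holder's secret is
    required and neither alone yields the keys (assumption about the combination rule)."""
    material = pass_left.encode() + b"\x00" + pass_right.encode()
    okm = hashlib.pbkdf2_hmac("sha256", material, salt, PBKDF2_ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def _keystream(k_enc, nonce, length):
    """HMAC-SHA256 in counter mode as a keystream (stdlib stand-in for a block cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(k_enc, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:length]


def seal(plaintext, pass_left, pass_right):
    """Encrypt-then-MAC under two passphrases: blob = salt || nonce || ciphertext || tag."""
    salt = os.urandom(SALT_LEN)
    nonce = os.urandom(NONCE_LEN)
    k_enc, k_mac = derive_keys(pass_left, pass_right, salt)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    tag = hmac.new(k_mac, salt + nonce + ct, "sha256").digest()
    return salt + nonce + ct + tag


def unseal(blob, pass_left, pass_right):
    """Verify the tag before decrypting; raise on wrong passphrases or a tampered file."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    salt, nonce = blob[:SALT_LEN], blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ct, tag = blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    k_enc, k_mac = derive_keys(pass_left, pass_right, salt)
    expected = hmac.new(k_mac, salt + nonce + ct, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong passphrases or corrupted file")
    return bytes(c ^ k for c, k in zip(ct, _keystream(k_enc, nonce, len(ct))))


def can_unseal(blob, pass_left, pass_right):
    """True only if this passphrase pair authenticates and opens the blob."""
    try:
        unseal(blob, pass_left, pass_right)
        return True
    except ValueError:
        return False


def generate_usage_triplet(master_blob, master_left, master_right):
    """The keygen step: decrypt the master key in memory with the two master
    passphrases, then re-encrypt it under a fresh passphrase pair.
    Returns (private_triplet_subkey, public_subkey_left, public_subkey_right):
    the private subkey is stored in the key directory, the public subkeys go
    to their two key holders. The decrypted master key is never written out."""
    master = unseal(master_blob, master_left, master_right)
    pub_left = secrets.token_urlsafe(24)   # constructed passphrase for holder 1
    pub_right = secrets.token_urlsafe(24)  # constructed passphrase for holder 2
    return seal(master, pub_left, pub_right), pub_left, pub_right


def reconstruct_master(private_subkey, pub_left, pub_right):
    """What the server does at runtime: rebuild the master key in memory
    from one private triplet subkey plus its two public subkeys."""
    return unseal(private_subkey, pub_left, pub_right)


if __name__ == "__main__":
    # constructed demo master key; a real one would be generated by keygen
    master_key = os.urandom(32)
    master_file = seal(master_key, "left-master-passphrase", "right-master-passphrase")
    priv, pl, pr = generate_usage_triplet(master_file, "left-master-passphrase", "right-master-passphrase")
    print("master reconstructed:", reconstruct_master(priv, pl, pr) == master_key)
    print("master passphrases open triplet:", can_unseal(priv, "left-master-passphrase", "right-master-passphrase"))
```

Two properties worth checking in such a scheme are visible in the functions: the master passphrases do not open a private triplet subkey (each triplet has its own passphrase pair, so compromising one pair exposes only that triplet's ability to reconstruct the master key), and any modification of the stored subkey is detected before decryption rather than silently producing a wrong master key.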