Generating the master key
Use the keygen program to generate master keys.
To generate the master key, run the following command from the console:
keygen master <masterkeypath> <tripletkeypath> <master_key_id>
- masterkeypath is the location on your portable memory device where you want to store the master key.
- tripletkeypath is the location on your portable memory device where you want to store the triplet keys. The triplet keys are later physically distributed to the IBM® Safer Payments instances.
- master_key_id is the numeric ID for the new generated master key. Every master key that is used by your IBM Safer Payments installation must have its unique ID.
The key generator guides you through the process of generating a master key. You need two master key holders for this process and the masterkeypath and tripletkeypath subdirectories must exist.
The master key is stored as masterkeypath/master_key_private_<master_key_id>.iris and is created together with tripletkeypath/revoked_keys.iris.
If the two master key holders activate the master key that you generated, you can generate any number of usage keys.
You can now directly proceed to Generating usage key triplets, or shut down the PC and store the portable memory device at a safe place until you need to generate usage keys.