Key management (keygen)

If keygen is used, IBM® Safer Payments uses key triplets that are generated by the keygen program.

Overview

The keys are stored on the file system in encrypted form. IBM Safer Payments reads those files and decrypts the key at run time by having two keyholders enter passphrases through the user interface.

The keygen program is provided as part of the IBM Safer Payments software delivery.

The keygen program uses master public keys to encrypt a randomly generated master key, from which any number of usage keys are generated in subsequent steps. The master public key consists of two arbitrary passphrases of arbitrary length that are chosen by two master key holders. The encrypted master key is written to a file that must be stored in a safe location.

When new usage keys are generated, keygen is called with the encrypted master key. The master key is decrypted by the two master key holders, who enter their passphrases. The entry of two usage public keys then creates a usage key triplet. The two usage public keys are arbitrary passphrases of arbitrary length that are chosen by two usage key holders.

Each usage key triplet consists of the following subkeys:
  • One usage private triplet subkey that is manually distributed to all instances of an IBM Safer Payments cluster by the administrator.
  • One left public subkey that is known only to one usage key holder.
  • One right public subkey that is known only to another usage key holder.

To activate a usage key triplet, the IBM Safer Payments instance must have the usage private key available locally. The two public keys must be available as well, either entered locally by the usage key holders or received from another instance of the cluster. The private triplet subkeys are never transmitted between the instances. Therefore, the parts of a key are never located on the same medium.
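The following is an added illustration of the split-knowledge hierarchy described above (two master passphrases wrap a random master key; a usage triplet is a private subkey plus two passphrases, and an instance needs all three to activate the key). It is not IBM's keygen program: the choice of scrypt, the XOR-plus-HMAC wrapping, and the HMAC derivation of the private subkey from the triplet number are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

SCRYPT_PARAMS = dict(n=2**14, r=8, p=1)  # assumed cost parameters, not IBM's


def _dual_kdf(left: str, right: str, salt: bytes, dklen: int) -> bytes:
    """Derive key material that requires BOTH passphrases (split knowledge)."""
    # Length-prefix the left passphrase so "ab"+"c" and "a"+"bc" cannot collide.
    material = len(left).to_bytes(4, "big") + left.encode() + right.encode()
    return hashlib.scrypt(material, salt=salt, dklen=dklen, **SCRYPT_PARAMS)


def wrap_master_key(left: str, right: str) -> dict:
    """Generate a random master key and return it only in wrapped (encrypted) form."""
    master = secrets.token_bytes(32)
    salt = secrets.token_bytes(16)
    kek = _dual_kdf(left, right, salt, 64)  # 32 bytes to XOR-wrap, 32 to authenticate
    wrapped = bytes(m ^ k for m, k in zip(master, kek[:32]))
    tag = hmac.new(kek[32:], salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap_master_key(left: str, right: str, blob: dict) -> bytes:
    """Both master key holders enter their passphrases; a wrong one fails closed."""
    kek = _dual_kdf(left, right, blob["salt"], 64)
    expected = hmac.new(kek[32:], blob["salt"] + blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("master passphrases do not unlock this file")
    return bytes(w ^ k for w, k in zip(blob["wrapped"], kek[:32]))


def make_usage_private_subkey(master: bytes, triplet_no: int) -> bytes:
    """Private subkey of triplet N (assumed: HMAC of the number under the master key).
    This is the only part the administrator distributes to the cluster instances."""
    return hmac.new(master, b"usage-private:%d" % triplet_no, hashlib.sha256).digest()


def activate_usage_key(private_subkey: bytes, left_pub: str, right_pub: str) -> bytes:
    """Usage key as an instance reconstructs it at run time: the locally held private
    subkey plus the two public subkeys (passphrases) entered by the usage key holders.
    The master key is not needed here, so it never has to reach the instances."""
    return _dual_kdf(left_pub, right_pub, private_subkey, 32)
```

Holding the private subkey alone, or both passphrases without it, yields nothing usable, which is the property the text describes when it says the parts of a key are never on the same medium.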

IBM Safer Payments can keep multiple active and nonactive key triplets in the key management function, and can switch between the active ones. A nonactive triplet is one for which a subkey has not yet been provided. While only one of the key triplets can be active at a time, it makes no difference which of the key triplets is the active one.

Note: Generally, access to keys must be limited to the fewest number of custodians that are necessary. Also, keys must be stored securely in the fewest possible locations and forms. The licensee must ensure that such organizational duties are completed.
Note: Key triplets are differentiated by their number.

Key concepts

Key management that uses the keygen program has the following features:

  • You must generate master keys.
  • The master keys are stored at a safe place and are never used by the IBM Safer Payments software.
  • The master keys are used to generate usage keys and an empty no-fly list.
  • Only usage keys and the no-fly list are used by the IBM Safer Payments software.
  • If you want to obtain a PCI DSS certification in the future, keep in mind that any storage media that is used to store or distribute keys is in scope of PCI DSS requirement 3.6.
  • When the storage media is no longer required, it must be securely wiped or destroyed. For more information, see Running a secure wipe tool.
  • You must protect and store all keys securely.