Note

This document is under review and is not meant for consumption as of now.

MOSIP uses a number of keys to encrypt and sign data. Every key has to be generated and held in a physical key store (an HSM for the root and application keys, the machine's TPM for the registration client key). This document lists the keys used in MOSIP, the application and reference IDs they are looked up by, what each key consists of, where it is stored and how it is generated.

| Key | Application ID | Reference ID | Key type | Objects | Storage | Generated by | Comments |
|---|---|---|---|---|---|---|---|
| Kernel Root | ROOT | - | RSA 2048 | Private key, self-signed certificate | HSM-1 | Country | Auto-generated by key generator |
| Registration | REGISTRATION | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
| PreReg | PRE_REGISTRATION | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
| Kernel Sign | KERNEL | SIGN | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
| Registration Processor | REGISTRATION_PROCESSOR | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
| PMS | PMS | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
| ID Repo | ID_REPO | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
| Resident Services | RESIDENT | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
| Kernel Identity Cache | KERNEL | IDENTITY_CACHE | AES 256 | Symmetric key | HSM-1 | Country | Auto-generated by key generator |
| Registration Client (TPM) | - | - | RSA 2048 | Private key, certificate | Client TPM (private key), Server DB (certificate) | Registration Client Software | Auto-generated by Registration Client Software in the TPM |
| Registration Client Packet Encryption | REGISTRATION | CenterID_MachineID | RSA 2048 | Private key, certificate signed by Registration | Server DB (private key), Client DB (certificate) | System | Auto-generated when accessed |
| Data Share (10000 keys) for zero-knowledge encryption | | | AES 256 | Symmetric key, encrypted by Kernel Identity Cache | KeyMgr DB | System | Auto-generated by key generator |
| CA / Sub-CA certificates | - | - | X.509 | Certificates | PMS DB | CA | Manually uploaded |
| Partner certificates* | PARTNER | PartnerID | X.509 | Certificates signed by CA | PMS DB | Partners | Manually uploaded |
| IDA Root | ROOT | - | RSA 2048 | Private key, self-signed certificate | HSM-2 | Country | Auto-generated by key generator |
| IDA | IDA | - | RSA 2048 | Private key, certificate signed by IDA Root | HSM-2 | Country/IDA Partner | Auto-generated by key generator |
| IDA Sign | IDA | SIGN | RSA 2048 | Private key, certificate signed by IDA Root | HSM-2 | Country | Auto-generated by key generator |
| IDA Identity Cache | IDA | IDENTITY_CACHE | AES 256 | Symmetric key | HSM-2 | Country | Auto-generated by key generator |
| IDA Internal | IDA | INTERNAL | RSA 2048 | Private key, certificate signed by IDA | IDA DB | System | Auto-generated when accessed |
| IDA Partner | IDA | PARTNER | RSA 2048 | Private key, certificate signed by IDA | IDA DB | System | Auto-generated when accessed |
| IDA FIR | IDA | FIR | RSA 2048 | Private key, certificate signed by IDA | IDA DB | System | Auto-generated when accessed |
| IDA Cred Service | IDA | CRED_SERVICE | RSA 2048 | Private key, certificate signed by IDA | IDA DB | System | Auto-generated when accessed |

* The various partner certificates needed in the current version of the MOSIP system are:

| Partners | Application ID | Reference ID | Partner Domain | Partner Type Code |
|---|---|---|---|---|
| ABIS | PARTNER | mpartner-default-abis (or partner ID) | AUTH | ABIS_Partner |
| Device Providers | PARTNER | Partner ID | DEVICE | Device_Provider |
| Print Service Provider | PARTNER | mpartner-default-print (or partner ID) | AUTH | Credential_Partner |
| Auth Providers or Relying Party | PARTNER | Partner ID | AUTH | Auth_Partner |
| FTM Providers (per Chip Model) | PARTNER | Partner ID | FTM | FTM_Provider |
| MISP | PARTNER | Partner ID | AUTH | MISP_Partner |
| Manual Adjudicator | PARTNER | mpartner-default-manual-adjudication (or partner ID) | AUTH | Manual_Adjudication |
| IDA system | PARTNER | mpartner-default-auth (or partner ID) | AUTH | Online_Verification_Partner |
| Resident Services | PARTNER | mpartner-default-resident (or partner ID) | AUTH | |

Moved to https://nayakrounak.gitbook.io/mosip-docs/privacy-and-security/keys