# Keys

## Overview

In MOSIP every cryptographic key is referred to by an Application ID and a Reference ID.

Refer [Key Manager](/1.2.0/id-lifecycle-management/supporting-components/keymanager.md) for further details.

## Various keys used in MOSIP

| S No. | Key                                                   | Application ID          | Reference ID        | Key type | Objects                                           | Storage                                           | Generated by                 | Comment                                               |
| ----- | ----------------------------------------------------- | ----------------------- | ------------------- | -------- | ------------------------------------------------- | ------------------------------------------------- | ---------------------------- | ----------------------------------------------------- |
| K1    | Kernel Root                                           | ROOT                    | -                   | RSA 2048 | Private key, self signed certificate              | HSM-1                                             | Country                      | Auto generated by key generator                       |
| K2    | Registration                                          | REGISTRATION            | -                   | RSA 2048 | Private key, certificate signed by Kernel Root    | HSM-1                                             | Country                      | Auto generated by key generator                       |
| K3    | PreReg                                                | PRE\_REGISTRATION       | -                   | RSA 2048 | Private key, certificate signed by Kernel Root    | HSM-1                                             | Country                      | Auto generated by key generator                       |
| K4    | Kernel Sign                                           | KERNEL                  | SIGN                | RSA 2048 | Private key, certificate signed by Kernel Root    | HSM-1                                             | Country                      | Auto generated by key generator                       |
| K5    | Registration Processor                                | REGISTRATION\_PROCESSOR | -                   | RSA 2048 | Private key, certificate signed by Kernel Root    | HSM-1                                             | Country                      | Auto generated by key generator                       |
| K6    | PMS                                                   | PMS                     | -                   | RSA 2048 | Private key, certificate signed by Kernel Root    | HSM-1                                             | Country                      | Auto generated by key generator                       |
| K7    | ID Repo                                               | ID\_REPO                | -                   | RSA 2048 | Private key, certificate signed by Kernel Root    | HSM-1                                             | Country                      | Auto generated by key generator                       |
| K7.1  | ID Repo                                               | ID\_REPO                | demographic\_data   | RSA 2048 | Private key, certificate signed by ID Repo        | KeyMgr DB                                         | System                       | Auto-generated when accessed                          |
| K7.2  | ID Repo                                               | ID\_REPO                | biometric\_data     | RSA 2048 | Private key, certificate signed by ID Repo        | KeyMgr DB                                         | System                       | Auto-generated when accessed                          |
| K7.3  | ID Repo                                               | ID\_REPO                | identity\_data      | RSA 2048 | Private key, certificate signed by ID Repo        | KeyMgr DB                                         | System                       | Auto-generated when accessed                          |
| K7.4  | ID Repo                                               | ID\_REPO                | uin                 | RSA 2048 | Private key, certificate signed by ID Repo        | KeyMgr DB                                         | System                       | Auto-generated when accessed                          |
| K7.5  | ID Repo                                               | ID\_REPO                | credential\_request | RSA 2048 | Private key, certificate signed by ID Repo        | KeyMgr DB                                         | System                       | Auto-generated when accessed                          |
| K8    | Resident Services                                     | RESIDENT                | -                   | RSA 2048 | Private key, certificate signed by Kernel Root    | HSM-1                                             | Country                      | Auto generated by key generator                       |
| K9    | Kernel Identity Cache                                 | KERNEL                  | IDENTITY\_CACHE     | AES 256  | Symmetric key                                     | HSM-1                                             | Country                      | Auto generated by key generator                       |
| K10   | Registration Client (TPM)                             | -                       | -                   | RSA 2048 | Private key, certificate                          | Client TPM (private key), Server DB (Certificate) | Registration Client Software | Auto generated by Registration Client Software in TPM |
| K11   | Registration Client Packet Encryption                 | REGISTRATION            | CenterID\_MachineID | RSA 2048 | Private key, certificate signed by registration   | Server DB (private key), Client DB (Certificate)  | System                       | Auto-generated when accessed                          |
| K12   | Data Share (10000 keys) for zero knowledge encryption | -                       | -                   | AES 256  | Symmetric key, encrypted by Kernel Identity Cache | KeyMgr DB                                         | System                       | Auto generated by key generator                       |
| K13   | CA / Sub-CA certificates                              | -                       | -                   | X.509    | Certificates                                      | PMS DB                                            | CA                           | Manually Uploaded                                     |
| K14   | [Partner certificates](#partner-keys)                 | PARTNER                 | PartnerID           | X.509    | Certificates signed by CA                         | PMS DB                                            | Partners                     | Manually Uploaded                                     |
| K15   | IDA Root                                              | ROOT                    | -                   | RSA 2048 | Private key, self signed certificate              | HSM-2                                             | Country                      | Auto generated by key generator                       |
| K16   | IDA                                                   | IDA                     | -                   | RSA 2048 | Private key, certificate signed by IDA Root       | HSM-2                                             | Country/IDA Partner          | Auto generated by key generator                       |
| K17   | IDA Sign                                              | IDA                     | SIGN                | RSA 2048 | Private key, certificate signed by IDA Root       | HSM-2                                             | Country                      | Auto generated by key generator                       |
| K18   | IDA Identity Cache                                    | IDA                     | IDENTITY\_CACHE     | AES 256  | Symmetric key                                     | HSM-2                                             | Country                      | Auto generated by key generator                       |
| K19   | IDA Internal                                          | IDA                     | INTERNAL            | RSA 2048 | Private key, certificate signed by IDA            | IDA DB                                            | System                       | Auto-generated when accessed                          |
| K20   | IDA Partner                                           | IDA                     | PARTNER             | RSA 2048 | Private key, certificate signed by IDA            | IDA DB                                            | System                       | Auto-generated when accessed                          |
| K21   | IDA FIR                                               | IDA                     | FIR                 | RSA 2048 | Private key, certificate signed by IDA            | IDA DB                                            | System                       | Auto-generated when accessed                          |
| K22   | IDA Cred Service                                      | IDA                     | CRED\_SERVICE       | RSA 2048 | Private key, certificate signed by IDA            | IDA DB                                            | System                       | Auto-generated when accessed                          |

## Partner keys

| SNo. | Partners                        | Application ID | Reference ID                                         | Partner Domain | Partner Type Code             |
| ---- | ------------------------------- | -------------- | ---------------------------------------------------- | -------------- | ----------------------------- |
| PK1  | ABIS                            | PARTNER        | mpartner-default-abis (or partner ID)                | AUTH           | ABIS\_Partner                 |
| PK2  | Device Providers                | PARTNER        | Partner ID                                           | DEVICE         | Device\_Provider              |
| PK3  | Print Service Provider          | PARTNER        | mpartner-default-print (or partner ID)               | AUTH           | Credential\_Partner           |
| PK4  | Auth Providers or Relying Party | PARTNER        | Partner ID                                           | AUTH           | Auth\_Partner                 |
| PK5  | FTM Providers (per Chip Model)  | PARTNER        | Partner ID                                           | FTM            | FTM\_Provider                 |
| PK6  | MISP                            | PARTNER        | Partner ID                                           | AUTH           | MISP\_Partner                 |
| PK7  | Manual Adjudicator              | PARTNER        | mpartner-default-manual-adjudication (or partner ID) | AUTH           | Manual\_Adjudication          |
| PK8  | IDA system                      | PARTNER        | mpartner-default-auth (or partner ID)                | AUTH           | Online\_Verification\_Partner |
| PK9  | Resident Services               | PARTNER        | mpartner-default-resident (or partner ID)            | AUTH           | Credential\_Partner           |

## Device specific keys

| S No. | Key                                                                                                        | Key type | Objects                                              | Storage                                                                       | Generated by                                                                                                           | Comment                                                                                                              |
| ----- | ---------------------------------------------------------------------------------------------------------- | -------- | ---------------------------------------------------- | ----------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------- |
| DKL0  | Device key [SBI CL 1.0](https://github.com/mosip/documentation/blob/1.2.0/docs/broken-reference/README.md) | RSA 2048 | Private key, self signed certificate                 | Host machine TPM/key store                                                    | [SBI Service](https://github.com/mosip/documentation/blob/1.2.0/docs/secure-biometric-interface/README.md#sbi-service) | Auto generated by SBI Service                                                                                        |
| DKL1  | Device key [SBI CL 2.0](https://github.com/mosip/documentation/blob/1.2.0/docs/broken-reference/README.md) | RSA 2048 | Private key, self signed certificate                 | [FTM](/1.2.0/id-lifecycle-management/supporting-components/biometrics/ftm.md) | SBI Service                                                                                                            | Auto generated by SBI Service                                                                                        |
| FK1   | FTM key                                                                                                    | RSA 2048 | Private key, FTM Provider issued certificate         | FTM                                                                           | FTM                                                                                                                    | [FTM Provider](/1.2.0/id-lifecycle-management/support-systems/partner-management-services/partners.md#partner-types) |
| DE1   | Biometric encryption random session key                                                                    | AES>=256 | No storage, key is created with TRNG/DRBG inside FTM | FTM                                                                           |                                                                                                                        |                                                                                                                      |
| FK2   | Secure boot                                                                                                | RSA>=256 | Private key, self signed certificate                 | FTM                                                                           | FTM Provider                                                                                                           | Key never leaves FTM                                                                                                 |

