Keys
Overview
In MOSIP every cryptographic key is referred to by an Application ID and a Reference ID; the pair identifies the key within the Key Manager.
Refer to Key Manager for further details.
Various keys used in MOSIP
| Key | Name | Application ID | Reference ID | Algorithm | Type | Storage | Owner | Generation |
|---|---|---|---|---|---|---|---|---|
| K1 | Kernel Root | ROOT | - | RSA 2048 | Private key, self signed certificate | HSM-1 | Country | Auto generated by key generator |
| K2 | Registration | REGISTRATION | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto generated by key generator |
| K3 | PreReg | PRE_REGISTRATION | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto generated by key generator |
| K4 | Kernel Sign | KERNEL | SIGN | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto generated by key generator |
| K5 | Registration Processor | REGISTRATION_PROCESSOR | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto generated by key generator |
| K6 | PMS | PMS | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto generated by key generator |
| K7 | ID Repo | ID_REPO | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto generated by key generator |
| K7.1 | ID Repo | ID_REPO | demographic_data | RSA 2048 | Private key, certificate signed by ID Repo | KeyMgr DB | System | Auto-generated when accessed |
| K7.2 | ID Repo | ID_REPO | biometric_data | RSA 2048 | Private key, certificate signed by ID Repo | KeyMgr DB | System | Auto-generated when accessed |
| K7.3 | ID Repo | ID_REPO | identity_data | RSA 2048 | Private key, certificate signed by ID Repo | KeyMgr DB | System | Auto-generated when accessed |
| K7.4 | ID Repo | ID_REPO | uin | RSA 2048 | Private key, certificate signed by ID Repo | KeyMgr DB | System | Auto-generated when accessed |
| K7.5 | ID Repo | ID_REPO | credential_request | RSA 2048 | Private key, certificate signed by ID Repo | KeyMgr DB | System | Auto-generated when accessed |
| K8 | Resident Services | RESIDENT | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto generated by key generator |
| K9 | Kernel Identity Cache | KERNEL | IDENTITY_CACHE | AES 256 | Symmetric key | HSM-1 | Country | Auto generated by key generator |
| K10 | Registration Client (TPM) | - | - | RSA 2048 | Private key, certificate | Client TPM (private key), Server DB (certificate) | Registration Client Software | Auto generated by Registration Client Software in TPM |
| K11 | Registration Client Packet Encryption | REGISTRATION | CenterID_MachineID | RSA 2048 | Private key, certificate signed by Registration | Server DB (private key), Client DB (certificate) | System | Auto-generated when accessed |
| K12 | Data Share (10000 keys) for zero knowledge encryption | - | - | AES 256 | Symmetric key, encrypted by Kernel Identity Cache | KeyMgr DB | System | Auto generated by key generator |
| K13 | CA / Sub-CA certificates | - | - | X.509 | Certificates | PMS DB | CA | Manually uploaded |
| K14 | - | PARTNER | PartnerID | X.509 | Certificates signed by CA | PMS DB | Partners | Manually uploaded |
| K15 | IDA Root | ROOT | - | RSA 2048 | Private key, self signed certificate | HSM-2 | Country | Auto generated by key generator |
| K16 | IDA | IDA | - | RSA 2048 | Private key, certificate signed by IDA Root | HSM-2 | Country/IDA Partner | Auto generated by key generator |
| K17 | IDA Sign | IDA | SIGN | RSA 2048 | Private key, certificate signed by IDA Root | HSM-2 | Country | Auto generated by key generator |
| K18 | IDA Identity Cache | IDA | IDENTITY_CACHE | AES 256 | Symmetric key | HSM-2 | Country | Auto generated by key generator |
| K19 | IDA Internal | IDA | INTERNAL | RSA 2048 | Private key, certificate signed by IDA | IDA DB | System | Auto-generated when accessed |
| K20 | IDA Partner | IDA | PARTNER | RSA 2048 | Private key, certificate signed by IDA | IDA DB | System | Auto-generated when accessed |
| K21 | IDA FIR | IDA | FIR | RSA 2048 | Private key, certificate signed by IDA | IDA DB | System | Auto-generated when accessed |
| K22 | IDA Cred Service | IDA | CRED_SERVICE | RSA 2048 | Private key, certificate signed by IDA | IDA DB | System | Auto-generated when accessed |
Partner keys
| Key | Partner | Application ID | Reference ID | Partner domain | Partner type |
|---|---|---|---|---|---|
| PK1 | ABIS | PARTNER | mpartner-default-abis (or partner ID) | AUTH | ABIS_Partner |
| PK2 | Device Providers | PARTNER | Partner ID | DEVICE | Device_Provider |
| PK3 | Print Service Provider | PARTNER | mpartner-default-print (or partner ID) | AUTH | Credential_Partner |
| PK4 | Auth Providers or Relying Party | PARTNER | Partner ID | AUTH | Auth_Partner |
| PK5 | FTM Providers (per Chip Model) | PARTNER | Partner ID | FTM | FTM_Provider |
| PK6 | MISP | PARTNER | Partner ID | AUTH | MISP_Partner |
| PK7 | Manual Adjudicator | PARTNER | mpartner-default-manual-adjudication (or partner ID) | AUTH | Manual_Adjudication |
| PK8 | IDA system | PARTNER | mpartner-default-auth (or partner ID) | AUTH | Online_Verification_Partner |
| PK9 | Resident Services | PARTNER | mpartner-default-resident (or partner ID) | AUTH | Credential_Partner |
Device specific keys
| Key | Name | Algorithm | Type | Storage | Owner | Generation / notes |
|---|---|---|---|---|---|---|
| DKL0 | - | RSA 2048 | Private key, self signed certificate | Host machine TPM/key store | - | Auto generated by SBI Service |
| DKL1 | - | RSA 2048 | Private key, self signed certificate | SBI Service | - | Auto generated by SBI Service |
| FK1 | FTM key | RSA 2048 | Private key, FTM Provider issued certificate | FTM | FTM | - |
| DE1 | Biometric encryption random session key | AES>=256 | Symmetric session key | No storage | FTM | Key is created with TRNG/DRBG inside FTM |
| FK2 | Secure boot | RSA>=256 | Private key, self signed certificate | FTM | FTM Provider | Key never leaves FTM |