Keys
Overview
In MOSIP every cryptographic key is referred to by an Application ID and a Reference ID; the pair identifies one key within a key store, so the same Application ID (for example ROOT) can name different keys in different HSMs.
Refer to Key Manager for further details.
Various keys used in MOSIP
S No. | Key | Application ID | Reference ID | Key type | Objects | Storage | Generated by | Comment |
---|---|---|---|---|---|---|---|---|
K1 | Kernel Root | ROOT | - | RSA 2048 | Private key, self-signed certificate | HSM-1 | Country | Auto-generated by key generator |
K2 | Registration | REGISTRATION | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
K3 | PreReg | PRE_REGISTRATION | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
K4 | Kernel Sign | KERNEL | SIGN | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
K5 | Registration Processor | REGISTRATION_PROCESSOR | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
K6 | PMS | PMS | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
K7 | ID Repo | ID_REPO | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
K7.1 | ID Repo | ID_REPO | demographic_data | RSA 2048 | Private key, certificate signed by ID Repo | KeyMgr DB | System | Auto-generated when accessed |
K7.2 | ID Repo | ID_REPO | biometric_data | RSA 2048 | Private key, certificate signed by ID Repo | KeyMgr DB | System | Auto-generated when accessed |
K7.3 | ID Repo | ID_REPO | identity_data | RSA 2048 | Private key, certificate signed by ID Repo | KeyMgr DB | System | Auto-generated when accessed |
K7.4 | ID Repo | ID_REPO | uin | RSA 2048 | Private key, certificate signed by ID Repo | KeyMgr DB | System | Auto-generated when accessed |
K7.5 | ID Repo | ID_REPO | credential_request | RSA 2048 | Private key, certificate signed by ID Repo | KeyMgr DB | System | Auto-generated when accessed |
K8 | Resident Services | RESIDENT | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
K9 | Kernel Identity Cache | KERNEL | IDENTITY_CACHE | AES 256 | Symmetric key | HSM-1 | Country | Auto-generated by key generator |
K10 | Registration Client (TPM) | - | - | RSA 2048 | Private key, certificate | Client TPM (private key), Server DB (certificate) | Registration Client software | Auto-generated by the Registration Client software inside the TPM |
K11 | Registration Client Packet Encryption | REGISTRATION | CenterID_MachineID | RSA 2048 | Private key, certificate signed by Registration (K2) | Server DB (private key), Client DB (certificate) | System | Auto-generated when accessed |
K12 | Data Share (10000 keys) for zero knowledge encryption | - | - | AES 256 | Symmetric keys, each encrypted by the Kernel Identity Cache key (K9) | KeyMgr DB | System | Auto-generated by key generator |
K13 | CA / Sub-CA certificates | - | - | X.509 | Certificates | PMS DB | CA | Manually uploaded |
K14 | Partner | PARTNER | Partner ID | X.509 | Certificates signed by CA | PMS DB | Partners | Manually uploaded |
K15 | IDA Root | ROOT | - | RSA 2048 | Private key, self-signed certificate | HSM-2 | Country | Auto-generated by key generator |
K16 | IDA | IDA | - | RSA 2048 | Private key, certificate signed by IDA Root | HSM-2 | Country/IDA Partner | Auto-generated by key generator |
K17 | IDA Sign | IDA | SIGN | RSA 2048 | Private key, certificate signed by IDA Root | HSM-2 | Country | Auto-generated by key generator |
K18 | IDA Identity Cache | IDA | IDENTITY_CACHE | AES 256 | Symmetric key | HSM-2 | Country | Auto-generated by key generator |
K19 | IDA Internal | IDA | INTERNAL | RSA 2048 | Private key, certificate signed by IDA | IDA DB | System | Auto-generated when accessed |
K20 | IDA Partner | IDA | PARTNER | RSA 2048 | Private key, certificate signed by IDA | IDA DB | System | Auto-generated when accessed |
K21 | IDA FIR | IDA | FIR | RSA 2048 | Private key, certificate signed by IDA | IDA DB | System | Auto-generated when accessed |
K22 | IDA Cred Service | IDA | CRED_SERVICE | RSA 2048 | Private key, certificate signed by IDA | IDA DB | System | Auto-generated when accessed |
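The signing relationships in the table form two ordinary X.509 hierarchies: a self-signed root per HSM (K1, K15), module keys certified by that root (K2 to K8, K16, K17), and per-reference keys certified by a module key (K11 by K2, K7.x by K7, K19 to K22 by K16). The Go program below is an added example written for this page, not code from MOSIP Key Manager. The Registry type, the use of an empty Reference ID where the table shows "-", the CenterID_MachineID value 10001_MACH01 and the one-year certificate validity are assumptions made for illustration. It builds the K1 -> K2 -> K11 chain, verifies it against Kernel Root, and then shows that the same K11 certificate does not verify against a separate self-signed root standing in for IDA Root, which is what keeping the two hierarchies in different HSMs buys you.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// KeyRef names a key the way the table does: Application ID plus a Reference
// ID (empty where the table shows "-").
type KeyRef struct{ AppID, RefID string }

// KeyEntry is one key in a hypothetical registry (not MOSIP's Key Manager):
// the private key, its certificate, and the KeyRef whose key signed it.
type KeyEntry struct {
	Priv   *rsa.PrivateKey
	Cert   *x509.Certificate
	Issuer KeyRef // zero value marks a self-signed root
}

// Registry stands in for the key set of one HSM.
type Registry map[KeyRef]*KeyEntry

// AddKey generates an RSA-2048 key for ref and certifies it with issuer, or
// self-signs it when issuer is the zero KeyRef. CA keys get the certSign usage.
func (r Registry) AddKey(ref KeyRef, isCA bool, issuer KeyRef) error {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return err }
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil { return err }
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: fmt.Sprintf("%s/%s", ref.AppID, ref.RefID)},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour), // assumed validity
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA { tmpl.KeyUsage |= x509.KeyUsageCertSign }
	parent, signer := tmpl, priv // self-signed unless an issuer is given
	if issuer != (KeyRef{}) {
		p, ok := r[issuer]
		if !ok { return fmt.Errorf("issuer %v not in registry", issuer) }
		parent, signer = p.Cert, p.Priv
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &priv.PublicKey, signer)
	if err != nil { return err }
	cert, err := x509.ParseCertificate(der)
	if err != nil { return err }
	r[ref] = &KeyEntry{Priv: priv, Cert: cert, Issuer: issuer}
	return nil
}

// Intermediates returns the registry's CA certificates that are not roots.
func (r Registry) Intermediates() []*x509.Certificate {
	var out []*x509.Certificate
	for _, e := range r {
		if e.Cert.IsCA && e.Issuer != (KeyRef{}) { out = append(out, e.Cert) }
	}
	return out
}

// VerifyChain checks that cert chains to root through inters and to nothing
// else: the only trust anchor is the root passed in.
func VerifyChain(cert, root *x509.Certificate, inters []*x509.Certificate) error {
	roots, pool := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range inters { pool.AddCert(c) }
	_, err := cert.Verify(x509.VerifyOptions{
		Roots: roots, Intermediates: pool,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err
}

// Verify resolves ref and rootRef in the registry and calls VerifyChain.
func (r Registry) Verify(ref, rootRef KeyRef) error {
	leaf, root := r[ref], r[rootRef]
	if leaf == nil || root == nil { return fmt.Errorf("%v or %v not in registry", ref, rootRef) }
	return VerifyChain(leaf.Cert, root.Cert, r.Intermediates())
}

func main() {
	root, reg := KeyRef{"ROOT", ""}, KeyRef{"REGISTRATION", ""}
	k11 := KeyRef{"REGISTRATION", "10001_MACH01"} // CenterID_MachineID, constructed
	hsm1 := Registry{}                             // K1 -> K2 -> K11
	for _, err := range []error{hsm1.AddKey(root, true, KeyRef{}), hsm1.AddKey(reg, true, root), hsm1.AddKey(k11, false, reg)} {
		if err != nil { panic(err) }
	}
	fmt.Println("K11 against Kernel Root:", hsm1.Verify(k11, root))
	hsm2 := Registry{} // HSM-2 with its own self-signed root, standing in for K15
	if err := hsm2.AddKey(root, true, KeyRef{}); err != nil { panic(err) }
	fmt.Println("K11 against IDA Root:", VerifyChain(hsm1[k11].Cert, hsm2[root].Cert, hsm1.Intermediates()))
}
```

The second VerifyChain call fails even though both roots carry the Application ID ROOT: the Application ID is only a name, and what ties a key to a hierarchy is the signature on its certificate. Any verifier (for example a registration client checking the K11 certificate it was handed) should therefore pin the specific root certificate rather than trust by name.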
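K12 is the one row where symmetric data keys live outside the HSM: each of the 10000 AES-256 data-share keys sits in the KeyMgr DB only in encrypted form, wrapped under the Kernel Identity Cache key (K9), so a copy of the database yields no usable key without the HSM-resident wrapping key. The Go program below is an added example for this page, not MOSIP code. The page gives the key count, key size and wrapping key but not the wrap format, so AES-GCM wrapping with the slot number as associated data, uniform random key selection per record, and the nonce || ciphertext layout are assumptions made for illustration; the KEK and record in the test are constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"math/big"
)

// NumDataShareKeys is the key count the table gives for K12.
const NumDataShareKeys = 10000

// KeyStore keeps the data-share keys only in wrapped form. kek stands in for
// the Kernel Identity Cache key (K9), which in MOSIP stays inside the HSM.
type KeyStore struct {
	kek     []byte
	wrapped [][]byte // slot -> nonce || AES-GCM(kek, key, aad = slot)
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// slotAAD binds the slot number into the wrap, so a wrapped key moved to
// another slot fails authentication instead of being used.
func slotAAD(i int) []byte {
	b := make([]byte, 4)
	binary.BigEndian.PutUint32(b, uint32(i))
	return b
}

// seal returns nonce || ciphertext under a fresh random nonce; open reverses it.
func seal(aead cipher.AEAD, plaintext, aad []byte) ([]byte, error) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

func open(aead cipher.AEAD, blob, aad []byte) ([]byte, error) {
	ns := aead.NonceSize()
	if len(blob) < ns { return nil, fmt.Errorf("ciphertext shorter than nonce") }
	return aead.Open(nil, blob[:ns], blob[ns:], aad)
}

// NewKeyStore generates n random AES-256 keys and stores each wrapped under kek.
func NewKeyStore(kek []byte, n int) (*KeyStore, error) {
	aead, err := gcm(kek)
	if err != nil { return nil, err }
	ks := &KeyStore{kek: kek, wrapped: make([][]byte, n)}
	for i := range ks.wrapped {
		key := make([]byte, 32)
		if _, err := rand.Read(key); err != nil { return nil, err }
		if ks.wrapped[i], err = seal(aead, key, slotAAD(i)); err != nil { return nil, err }
	}
	return ks, nil
}

// dataAEAD unwraps slot i and returns a cipher keyed with it. A bad slot or a
// tampered blob fails the GCM tag on the wrap, so no key is ever handed out.
func (ks *KeyStore) dataAEAD(i int) (cipher.AEAD, error) {
	if i < 0 || i >= len(ks.wrapped) { return nil, fmt.Errorf("key slot %d out of range", i) }
	kekAEAD, err := gcm(ks.kek)
	if err != nil { return nil, err }
	key, err := open(kekAEAD, ks.wrapped[i], slotAAD(i))
	if err != nil { return nil, err }
	return gcm(key)
}

// Encrypt picks a slot uniformly at random and encrypts plaintext with its
// key; the caller stores the returned slot number beside the ciphertext.
func (ks *KeyStore) Encrypt(plaintext []byte) (int, []byte, error) {
	n, err := rand.Int(rand.Reader, big.NewInt(int64(len(ks.wrapped))))
	if err != nil { return 0, nil, err }
	slot := int(n.Int64())
	aead, err := ks.dataAEAD(slot)
	if err != nil { return 0, nil, err }
	ct, err := seal(aead, plaintext, nil)
	return slot, ct, err
}

// Decrypt reverses Encrypt for a record stored as (slot, ciphertext).
func (ks *KeyStore) Decrypt(slot int, ciphertext []byte) ([]byte, error) {
	aead, err := ks.dataAEAD(slot)
	if err != nil { return nil, err }
	return open(aead, ciphertext, nil)
}

func main() {
	kek := make([]byte, 32) // demo KEK; in MOSIP this key is K9 in HSM-1
	if _, err := rand.Read(kek); err != nil { panic(err) }
	ks, err := NewKeyStore(kek, NumDataShareKeys)
	if err != nil { panic(err) }
	slot, ct, err := ks.Encrypt([]byte("constructed demographic record"))
	if err != nil { panic(err) }
	pt, err := ks.Decrypt(slot, ct)
	fmt.Printf("slot %d, %d ciphertext bytes, decrypted %q, err=%v\n", slot, len(ct), pt, err)
}
```

The property to check when reviewing a store like this is that nothing in the database is usable on its own: the wrapped blobs need the KEK, and the slot number stored with each record is only an index, not key material. Binding the slot into the wrap as associated data additionally stops an attacker with write access to the table from swapping blobs between slots to make one record decrypt under another's key.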
Partner keys
SNo. | Partners | Application ID | ReferenceID | Partner Domain | Partner Type Code |
---|---|---|---|---|---|
PK1 | ABIS | PARTNER | mpartner-default-abis (or partner ID) | AUTH | ABIS_Partner |
PK2 | Device Providers | PARTNER | Partner ID | DEVICE | Device_Provider |
PK3 | Print Service Provider | PARTNER | mpartner-default-print (or partner ID) | AUTH | Credential_Partner |
PK4 | Auth Providers or Relying Party | PARTNER | Partner ID | AUTH | Auth_Partner |
PK5 | FTM Providers (per Chip Model) | PARTNER | Partner ID | FTM | FTM_Provider |
PK6 | MISP | PARTNER | Partner ID | AUTH | MISP_Partner |
PK7 | Manual Adjudicator | PARTNER | mpartner-default-manual-adjudication (or partner ID) | AUTH | Manual_Adjudication |
PK8 | IDA system | PARTNER | mpartner-default-auth (or partner ID) | AUTH | Online_Verification_Partner |
PK9 | Resident Services | PARTNER | mpartner-default-resident (or partner ID) | AUTH | Credential_Partner |
Device specific keys
S No. | Key | Key type | Objects | Storage | Generated by | Comment |
---|---|---|---|---|---|---|
DKL0 | Device key, SBI CL 1.0 | RSA 2048 | Private key, self-signed certificate | Host machine TPM / key store | SBI Service | Auto-generated by SBI Service |
DKL1 | Device key, SBI CL 2.0 | RSA 2048 | Private key, self-signed certificate | SBI Service | SBI Service | Auto-generated by SBI Service |
FK1 | FTM key | RSA 2048 | Private key, certificate issued by FTM Provider | FTM | FTM | |
DE1 | Biometric encryption random session key | AES >= 256 | Symmetric session key | Not stored; generated per session by the TRNG/DRBG inside the FTM | FTM | |
FK2 | Secure boot | RSA >= 256 | Private key, self-signed certificate | FTM | FTM Provider | Key never leaves the FTM |