Keys

Overview

In MOSIP every cryptographic key is identified by an Application ID and a Reference ID; the pair is the address used to look the key up in the Key Manager. Refer to Key Manager for further details.

Various keys used in MOSIP

| S No. | Key | Application ID | Reference ID | Key type | Objects | Storage | Generated by | Comment |
|---|---|---|---|---|---|---|---|---|
| K1 | Kernel Root | ROOT | - | RSA 2048 | Private key, self-signed certificate | HSM-1 | Country | Auto-generated by key generator |
| K2 | Registration | REGISTRATION | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
| K3 | PreReg | PRE_REGISTRATION | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
| K4 | Kernel Sign | KERNEL | SIGN | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
| K5 | Registration Processor | REGISTRATION_PROCESSOR | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
| K6 | PMS | PMS | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
| K7 | ID Repo | ID_REPO | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
| K7.1 | ID Repo | ID_REPO | demographic_data | RSA 2048 | Private key, certificate signed by ID Repo | KeyMgr DB | System | Auto-generated when accessed |
| K7.2 | ID Repo | ID_REPO | biometric_data | RSA 2048 | Private key, certificate signed by ID Repo | KeyMgr DB | System | Auto-generated when accessed |
| K7.3 | ID Repo | ID_REPO | identity_data | RSA 2048 | Private key, certificate signed by ID Repo | KeyMgr DB | System | Auto-generated when accessed |
| K7.4 | ID Repo | ID_REPO | uin | RSA 2048 | Private key, certificate signed by ID Repo | KeyMgr DB | System | Auto-generated when accessed |
| K7.5 | ID Repo | ID_REPO | credential_request | RSA 2048 | Private key, certificate signed by ID Repo | KeyMgr DB | System | Auto-generated when accessed |
| K8 | Resident Services | RESIDENT | - | RSA 2048 | Private key, certificate signed by Kernel Root | HSM-1 | Country | Auto-generated by key generator |
| K9 | Kernel Identity Cache | KERNEL | IDENTITY_CACHE | AES 256 | Symmetric key | HSM-1 | Country | Auto-generated by key generator |
| K10 | Registration Client (TPM) | - | - | RSA 2048 | Private key, certificate | Client TPM (private key), Server DB (certificate) | Registration Client Software | Auto-generated by Registration Client Software in TPM |
| K11 | Registration Client Packet Encryption | REGISTRATION | CenterID_MachineID | RSA 2048 | Private key, certificate signed by Registration | Server DB (private key), Client DB (certificate) | System | Auto-generated when accessed |
| K12 | Data Share (10000 keys) for zero knowledge encryption | - | - | AES 256 | Symmetric key, encrypted by Kernel Identity Cache | KeyMgr DB | System | Auto-generated by key generator |
| K13 | CA / Sub-CA certificates | - | - | X.509 | Certificates | PMS DB | CA | Manually uploaded |
| K14 |  | PARTNER | PartnerID | X.509 | Certificates signed by CA | PMS DB | Partners | Manually uploaded |
| K15 | IDA Root | ROOT | - | RSA 2048 | Private key, self-signed certificate | HSM-2 | Country | Auto-generated by key generator |
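
The addressing scheme from the overview and the issuance and storage columns of the table above can be checked mechanically. The Python below is an added example, not MOSIP or Key Manager code: it encodes part of the table as data (the Kernel key manager, HSM-1 side only; the `DATA_SHARE/0001` address is hypothetical, since the page leaves those IDs blank) and lints three properties a reviewer of the table wants to hold: every certified key chains to an HSM-held self-signed root, no key is certified by a key held in weaker storage than its own, and any symmetric key held outside the HSM is wrapped by an HSM key. The storage classes, field names and rules are this example's own assumptions.

```python
"""Lint a key inventory addressed by Application ID / Reference ID.

Added example, not MOSIP or Key Manager code. It models the issuance and
storage columns of the key table as data and checks three properties a
reviewer of that table would want to hold. The storage classes, field
names and rules are this example's own assumptions.
"""
from dataclasses import dataclass
from typing import Optional

# Storage classes, ranked: trust must flow from stronger to weaker storage.
RANK = {"HSM": 2, "DB": 1}


@dataclass(frozen=True)
class Key:
    app_id: str
    ref_id: str = "-"                 # "-" means no Reference ID, as in the table
    kind: str = "RSA 2048"            # "RSA 2048" (certified) or "AES 256" (symmetric)
    storage: str = "HSM"              # "HSM", or "DB" for KeyMgr DB / Server DB
    issuer: Optional[str] = None      # address of the key that signed this key's certificate
    wrapped_by: Optional[str] = None  # for symmetric keys held outside the HSM

    @property
    def address(self) -> str:
        return f"{self.app_id}/{self.ref_id}"

    @property
    def symmetric(self) -> bool:
        return self.kind.startswith("AES")


def build_index(keys):
    """Map address -> Key, rejecting duplicate addresses."""
    index = {}
    for k in keys:
        if k.address in index:
            raise ValueError(f"duplicate address {k.address}")
        index[k.address] = k
    return index


def chain(index, address, limit=8):
    """Issuer chain from `address` up to a self-signed key, e.g.
    ['ID_REPO/uin', 'ID_REPO/-', 'ROOT/-']. Raises on a missing link,
    a cycle or an over-long chain."""
    path, cur = [], address
    while cur is not None:
        if cur in path:
            raise ValueError(f"issuer cycle at {cur}: {path}")
        if cur not in index:
            raise ValueError(f"{path[-1] if path else address} names unknown issuer {cur}")
        if len(path) >= limit:
            raise ValueError(f"chain from {address} exceeds {limit} links")
        path.append(cur)
        cur = index[cur].issuer
    return path


def lint(keys):
    """Return findings as strings; an empty list means the inventory is consistent."""
    index = build_index(keys)
    findings = []
    for k in keys:
        if k.storage not in RANK:
            findings.append(f"{k.address}: unknown storage class {k.storage!r}")
            continue
        if k.symmetric:
            # No certificate chain; outside the HSM the key must be wrapped by an HSM-held key.
            if k.issuer is not None:
                findings.append(f"{k.address}: symmetric key must not have an issuer")
            if k.storage != "HSM":
                w = index.get(k.wrapped_by or "")
                if w is None or w.storage != "HSM" or not w.symmetric:
                    findings.append(f"{k.address}: {k.storage}-held symmetric key is not wrapped by an HSM key")
            continue
        try:
            path = chain(index, k.address)
        except ValueError as e:
            findings.append(f"{k.address}: {e}")
            continue
        root = index[path[-1]]
        if root.storage != "HSM":
            findings.append(f"{k.address}: chain ends at {root.address}, which is not HSM-held")
        # An issuer may not live in weaker storage than the key whose certificate it signs.
        for subj, iss in zip(path, path[1:]):
            if RANK.get(index[iss].storage, 0) < RANK.get(index[subj].storage, 0):
                findings.append(f"{subj}: certified by {iss}, held in weaker storage")
    return findings


def inventory():
    """Constructed from the key table (Kernel key manager, HSM-1 side).
    'DATA_SHARE/0001' is a hypothetical address; the table leaves those IDs blank."""
    root = Key("ROOT")
    apps = [Key(a, issuer="ROOT/-") for a in ("REGISTRATION", "PRE_REGISTRATION",
            "REGISTRATION_PROCESSOR", "PMS", "ID_REPO", "RESIDENT")]
    sign = Key("KERNEL", "SIGN", issuer="ROOT/-")
    idrepo = [Key("ID_REPO", r, storage="DB", issuer="ID_REPO/-") for r in
              ("demographic_data", "biometric_data", "identity_data", "uin", "credential_request")]
    cache = Key("KERNEL", "IDENTITY_CACHE", kind="AES 256")
    packet = Key("REGISTRATION", "CenterID_MachineID", storage="DB", issuer="REGISTRATION/-")
    share = Key("DATA_SHARE", "0001", kind="AES 256", storage="DB", wrapped_by="KERNEL/IDENTITY_CACHE")
    return [root, *apps, sign, *idrepo, cache, packet, share]


def broken_inventory():
    """Two deliberate faults: an HSM key certified by a DB-held key, and an unwrapped DB-held AES key."""
    keys = inventory()
    keys.append(Key("PMS", "upside_down", issuer="REGISTRATION/CenterID_MachineID"))
    keys.append(Key("DATA_SHARE", "0002", kind="AES 256", storage="DB"))
    return keys


if __name__ == "__main__":
    for finding in lint(broken_inventory()):
        print(finding)
```

Running the block prints the two findings from `broken_inventory()` and nothing for the table-derived inventory; `chain(build_index(inventory()), "ID_REPO/uin")` returns `['ID_REPO/uin', 'ID_REPO/-', 'ROOT/-']`, the path a verifier would walk when validating a certificate issued under that Reference ID.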

Partner keys

| S No. | Partners | Application ID | Reference ID | Partner Domain | Partner Type Code |
|---|---|---|---|---|---|
| PK1 | ABIS | PARTNER | mpartner-default-abis (or partner ID) | AUTH | ABIS_Partner |
| PK2 | Device Providers | PARTNER | Partner ID | DEVICE | Device_Provider |
| PK3 | Print Service Provider | PARTNER | mpartner-default-print (or partner ID) | AUTH | Credential_Partner |
| PK4 | Auth Providers or Relying Party | PARTNER | Partner ID | AUTH | Auth_Partner |
| PK5 | FTM Providers (per Chip Model) | PARTNER | Partner ID | FTM | FTM_Provider |
| PK6 | MISP | PARTNER | Partner ID | AUTH | MISP_Partner |
| PK7 | Manual Adjudicator | PARTNER | mpartner-default-manual-adjudication (or partner ID) | AUTH | Manual_Adjudication |
| PK8 | IDA system | PARTNER | mpartner-default-auth (or partner ID) | AUTH | Online_Verification_Partner |
| PK9 | Resident Services | PARTNER | mpartner-default-resident (or partner ID) | AUTH | Credential_Partner |

Device specific keys

| S No. | Key | Key type | Objects | Storage | Generated by | Comment |
|---|---|---|---|---|---|---|
| DKL0 | Device key SBI CL 1.0 | RSA 2048 | Private key, self-signed certificate | Host machine TPM/key store | SBI Service | Auto-generated by SBI Service |
| DKL1 | Device key SBI CL 2.0 | RSA 2048 | Private key, self-signed certificate | FTM | SBI Service | Auto-generated by SBI Service |
| FK1 | FTM key | RSA 2048 | Private key, FTM Provider issued certificate | FTM | FTM |  |
| DE1 | Biometric encryption random session key | AES >= 256 | Symmetric key | No storage; key is created with TRNG/DRBG inside FTM | FTM |  |
| FK2 | Secure boot | RSA >= 256 | Private key, self-signed certificate | FTM | FTM Provider | Key never leaves FTM |