Register Site-key Admin Account
- How to register a site-key admin account.
- Site-key admin principles.
- How to activate the site-key.
- Reassigning the site-key to a new admin.
Register a Site-Key Admin Account
To create a site-key admin account in tiCrypt, follow these steps:
- Open Connect Application.
- Select your deployment card.
- In the login window, select the Site-key category.
- Click the Create new site key button in the center.
- In the new window, click Continue.
- Enter your password twice to confirm and decrypt your site-key.
- Click Continue.
- Select a folder to save your public-private site-key pair and click Save.
- Click Redownload private or public key if you need to download your site-key pair again.
- Click Continue to site key.
- Wait for the Tera Insights team to counter-sign your keys.
- Once the keys are counter-signed, click Load key on the login page.
- Open the counter-signed site-key file that you saved locally.
- You will now be logged in.
Each deployment can have only one Site-Key Administrator. This role is critical for system security, enabling the creation of escrow groups and the management of other users' keys. All site-key signing operations must be performed offline to ensure security.
Purpose of the Site-Key in tiCrypt
The Site-key is a unique private key designed for specific scenarios involving escrow users.
In tiCrypt, the site-key mechanism, managed by the Site-key Administrator, ensures effective management of escrow users. To function, the site key must be counter-signed by Tera Insights, LLC and integrated into the tiCrypt backend via a configuration file.
Site Key Activities Include:
- Key Pair Generation: The Site-key Administrator generates a public-private key pair using tiCrypt’s front-end dedicated to site-key operations.
- Private Key Stewardship: Maintaining the security of the private site-key is essential, as it underpins the security of escrow keys and, by extension, user keys.
- Escrow Group Management: The Administrator is responsible for creating and disbanding escrow groups according to operational needs.
- Escrow User Management: This involves adding new escrow users to groups and removing them as required to maintain system security and functionality.
These responsibilities highlight the pivotal role of the Site-Key Administrator in maintaining tiCrypt's security framework and safeguarding user data through meticulous key and access management.
The Site-Key:
- Is received and counter-signed by Tera Insights LLC.
- Is fully dissociated from the tiCrypt backend.
- Can be shared only via super-admin collaboration.
- Is only used to sign digital orders that indicate escrow users and group administration.
- Once signed, it is safely emailed or transferred via thumb drives to the tiCrypt super-administrator.
- The system does not know where the site-key resides.
- The site-key administration is fully dissociated from the tiCrypt backend and does not require any backend access.
- There is a single site-key admin in every system. If the site-key admin leaves the organization, a new set of site keys is produced.
The generated public key file (pub.json) remains inactive until it is counter-signed by Tera Insights.
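The trust chain described above (a vendor counter-signature over the site public key, then site-key signatures over escrow orders) can be modeled as follows. This is an added example, not tiCrypt code: the Ed25519 algorithm, the order fields, the config layout and all function names are assumptions chosen for illustration.

```javascript
// Added illustration: simplified model of a counter-signed site key.
// Ed25519, field names and order layout are assumptions, not tiCrypt formats.
const nodeCrypto = require('node:crypto');

const newKeyPair = () => nodeCrypto.generateKeyPairSync('ed25519');
const spki = (publicKey) => publicKey.export({ type: 'spki', format: 'der' });

// Vendor side: counter-sign the site-key public key.
function counterSign(vendorPrivateKey, sitePublicKey) {
  return nodeCrypto.sign(null, spki(sitePublicKey), vendorPrivateKey);
}

// Site-key admin side (offline): sign an escrow order.
function signOrder(sitePrivateKey, order) {
  const body = Buffer.from(JSON.stringify(order));
  return { body, signature: nodeCrypto.sign(null, body, sitePrivateKey) };
}

// Backend side: holds only public material loaded from configuration.
function acceptOrder(config, signedOrder) {
  // 1. The configured site key must carry a valid vendor counter-signature.
  if (!config.counterSignature) return 'rejected: site key not counter-signed';
  const chainOk = nodeCrypto.verify(null, spki(config.sitePublicKey),
    config.vendorPublicKey, config.counterSignature);
  if (!chainOk) return 'rejected: counter-signature does not match site key';
  // 2. The order must be signed by that site key.
  const orderOk = nodeCrypto.verify(null, signedOrder.body,
    config.sitePublicKey, signedOrder.signature);
  return orderOk ? 'accepted' : 'rejected: order signature invalid';
}

// Constructed sample data covering four situations.
function demo() {
  const vendor = newKeyPair();
  const site = newKeyPair();
  const replacement = newKeyPair(); // new admin's key, not yet re-signed
  const order = { action: 'add-escrow-user', group: 'example-group', user: 'alice' };
  const signed = signOrder(site.privateKey, order);
  const sig = counterSign(vendor.privateKey, site.publicKey);
  const base = { vendorPublicKey: vendor.publicKey, sitePublicKey: site.publicKey };
  return {
    inactive: acceptOrder({ ...base, counterSignature: null }, signed),
    active: acceptOrder({ ...base, counterSignature: sig }, signed),
    tampered: acceptOrder({ ...base, counterSignature: sig },
      { ...signed, body: Buffer.from('{"action":"disband"}') }),
    reassigned: acceptOrder({ ...base, sitePublicKey: replacement.publicKey,
      counterSignature: sig }, signOrder(replacement.privateKey, order)),
  };
}
```

In this model the verifier never holds a private key, and a replacement site key is rejected until a fresh counter-signature over it is supplied.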
Activating a New Site-Key
Site-keys are generated upon Site-key Admin account registration. Activation of the site-key can only be performed by the Tera Insights LLC team.
Reassigning the Site-Key to a New Site-Key Admin
Reassigning the Site-key to a new Site-key Administrator should be avoided unless necessary. If reassignment is necessary, resend the public key to Tera Insights for re-signature.
Important Considerations for Digital Signatures:
- Ensure the signing process is conducted offline in a secure environment.
- Control and monitor who can be an escrow user.
- Work collaboratively within the escrow group to recover user private keys.