Site Key Admin Role in Key Escrow
tiCrypt employs a site key mechanism, overseen by the Site-key Administrator, to manage escrow users effectively. For a site key to be operative, it must be counter-signed by Tera Insights, LLC and integrated into the tiCrypt backend through a configuration file.
Site Key Activities Include:
- Key Pair Generation: The site-key administrator generates a public-private key pair using tiCrypt’s front-end dedicated to site-key operations.
- Private Key Stewardship: Maintaining the security of the private site key is critical as it underpins the security of the escrow keys, and by extension, the user keys. The integrity of the site-key is vital to prevent potential compromises.
- Escrow Group Management: The administrator is responsible for creating and disbanding escrow groups according to operational needs.
- Escrow User Management: This involves adding new escrow users to groups and removing them as required to maintain the security and functionality of the system.
These responsibilities ensure that the Site-key Administrator plays a pivotal role in maintaining the security framework of tiCrypt, safeguarding user data through meticulous key and access management.
The site-key administration is fully dissociated from the tiCrypt backend and does not require any backend access.
Site-key actions do not take effect until a tiCrypt administrator adds them to the system using the certificates interface.
There is a single site-key admin in every system. If the site-key admin leaves the organization, a new set of site keys is produced.
Site-Keys
A Site-key is a unique private key used for very specific scenarios involving escrow users.
The Site-Key is:
- Received and counter-signed by Tera Insights LLC.
- Fully dissociated from the backend.
- Shared only via super-admin collaboration.
- Used only to sign digital orders that indicate escrow users and group administration.
- Once signed it is safely emailed or transferred via thumb drives to the tiCrypt super-administrator.
The system does not know where the site key resides.
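The chain of trust described above (the vendor counter-signs the site public key, and the site key signs orders), as an added illustrative sketch that is not tiCrypt's code. Ed25519, the `SignedOrder` layout and all function names are assumptions, since the page does not state the algorithm or the certificate format.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// SignedOrder is a hypothetical layout; the page does not show tiCrypt's real format.
type SignedOrder struct {
	Body       []byte            // the order, e.g. an escrow-group change
	SitePub    ed25519.PublicKey // public half of the site key
	OrderSig   []byte            // site private key's signature over Body
	CounterSig []byte            // vendor's signature over SitePub
}

// SignOrder models the offline step done by the site-key administrator.
func SignOrder(sitePriv ed25519.PrivateKey, counterSig, body []byte) SignedOrder {
	pub := sitePriv.Public().(ed25519.PublicKey)
	return SignedOrder{body, pub, ed25519.Sign(sitePriv, body), counterSig}
}

// VerifyOrder needs only the vendor public key: it never sees the site private key.
func VerifyOrder(vendorPub ed25519.PublicKey, o SignedOrder) error {
	if len(o.SitePub) != ed25519.PublicKeySize {
		return errors.New("malformed site public key")
	}
	if !ed25519.Verify(vendorPub, o.SitePub, o.CounterSig) {
		return errors.New("site key not counter-signed by vendor")
	}
	if !ed25519.Verify(o.SitePub, o.Body, o.OrderSig) {
		return errors.New("order not signed by site key")
	}
	return nil
}

func main() {
	// Constructed keys and order text, generated fresh on every run.
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(nil)
	_, sitePriv, _ := ed25519.GenerateKey(nil)
	counter := ed25519.Sign(vendorPriv, sitePriv.Public().(ed25519.PublicKey))
	order := SignOrder(sitePriv, counter, []byte("create-group: example"))
	fmt.Println("valid order:", VerifyOrder(vendorPub, order))
	order.Body = []byte("create-group: tampered")
	fmt.Println("tampered order:", VerifyOrder(vendorPub, order))
}
```

In this model an order signed by a key that the vendor never counter-signed fails the first check, and an order altered in transit (e-mail or thumb drive) fails the second.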
Create and Activate a New Site-key
To create a Site-key, navigate to the tiCrypt Connect desktop application in your browser.
- On the login page, click the dropdown button in the top right center.
- Select .
- Click the green button.
Registration Process
- Step 1: Your site-keys are generated.
- Step 2: Confirm your registration by typing and re-typing your private key password, then click Register.
- Step 3: Your site keys are downloaded. View and store the prv.json and pub.json files securely. Optionally, click Redownload public/private key if needed.
Important: The private key pub.json file must never be shared.
You may choose to download the public/private key files with the default name or give each of them a custom name.
The generated public key prv.json file is inactive until counter-signed by Tera Insights.
Logging In
Once counter-signed, log in with your private key pub.json file:
- On the login page, click the dropdown button as before.
- Select and click .
- In the prompt, select your private key file and click .
Create Escrow Groups
For Site-key Administrators:
- Navigate to the tiCrypt Connect and follow the steps to load your key.
- Click , type a group name, and click .
- Verify and sign your group certificate, then click to download it.
- Email the exported file to a super-admin for further processing.
For Super-admins:
Execute signed escrow group orders by navigating to the tab in the Escrow Certificates section. Follow the instructions to upload, edit, or delete escrow certificates as needed.
Add Escrow Certificate(s) to Users
For orders to take effect, a super-admin must add them in the Escrow Certificates section. This allows Site-key administrators to sign user certificates.
Reassign the Site-key
Reassigning the Site-key admin should be avoided unless necessary. If you must reassign, resend the public key to Tera Insights for re-signature.
Important Considerations for Digital Signatures:
- Ensure the signing process is conducted offline in a secured environment.
- Control and monitor who can be an escrow user.
- Work collaboratively within the escrow group to recover user private keys.