Skip to main content

Site-key Admin

What is a Site-key Administrator?

The site-key administrator's role involves the following activities:

  • Generation of the site-key public-private key pair. This is accomplished via the site-key part of tiCrypt's front end.
  • Stewardship of the private site-key.
  • Creation and deletion of escrow groups
  • Addition and removal of escrow users

Both the site key and private key must be guarded with great care because they can escrow other users' keys and serve as the escrow keys.

Various escrow scenarios may occur that involve the Site-key admin and a Super-admin.

A Site-key is a key that is used for very limited and specific scenarios that involve escrow users.

In tiCrypt, there is a single site-key admin.

danger

If the site-key is compromised, the security of the user's keys can be as well compromised.

caution

Site-key actions do not take effect until a tiCrypt administrator adds them to the system using the certificates interface.

caution

This site-key admin is not one that is involved and/or uses tiCrypt the way a user, admin, or super admin does.

info

The site-key admin is the only user in the system that must be signed off by Tera Insights.

note

The site-key administration is fully dissociated from the tiCrypt backend and does not require any backend access.

note

The site-key is only used to sign digital orders that indicate escrow users and group administration.

note

Once signed, the site-key administration orders can be safely emailed or transferred via common means to the tiCrypt administrator.

note

The Site-key admin is a remote individual who can add and remove escrow users as well as add and remove escrow groups.

tip

It is highly recommended Internet access is disabled during site-key activities.

Create and activate Site-key

To create a Site-key:

  1. The user must select the interface dropdown to Site-key located at the top right side of the login box.
note

This is defaulted to tiCrypt.

  1. Once a user navigates to the correct interface, they can register by selecting the green button.
  2. They will be directed to a step that explains how the system generates both a unique private and public key that defines who the user is.
danger

The private key must be protected at all costs and must never be distributed.

  1. The public key, on the other hand, may not only be released but must be given to Tera Insights for countersigning.
  2. Next, the user creates a password and then they are directed to download and save both their private and public keys. At this step, there is a default name for both the public and private keys.
note

The user may choose to download with the default or give each of their keys a name.

info

The generated key is inactive until counter-signed by Terra Insights and a super-admin.

Register as a Site-Key User
  1. Next, the user must email their public key to Tera Insights in order for their key to be registered as the site-key for the system. Once the key is countersigned, the user may log in with their private key as follows.
Login as a Site-Key

Create escrow groups

To create an escrow group:

  1. The Site-key admin must log in, and select the Group icon located at the top right side of the screen.

  2. A modal appears that prompts the user to give the new group a name.

  3. Once the user clicks , the request will appear in the dashboard.

tip
  • If the user would like to edit the request, they can do so by clicking the blue button located at the bottom left of the request.
  • If the user would like to completely delete the request, they can do so by clicking the red button.
  1. To continue with the request, the user must sign it by checking the Sign box on the bottom right, and then entering their password.

  2. Next, the user must export the certificate by selecting the Export certificate button to the right of the Signed Certificates heading.

  3. A modal appears that prompts the user to name the exported version of the request then the user must click .

  4. Next, the user must email the downloaded request file to a super-admin in the system.

  5. From there, a super admin must log in to the tiCrypt interface by going to the tab, and navigating to the Signed Escrow Actions.

  6. From there, the user must select the Plus icon located at the top right side of the screen and drag in the requested file that was emailed to them by the site-key admin.

  7. Once dropped, the super admin must sign by clicking the check box, and click

Reassign the site-key

note

It is not common nor encouraged to change the site-key admin unless the site-key password is lost. In the case that it is a necessity, a user must go through the same steps that they take to register as a site-key admin. They must send the public key to Tera Insights so we can sign off on it.