Site-key Admin
What is a Site-key Administrator?
The site-key administrator's role involves the following activities:
- Generation of the site-key public-private key pair. This is accomplished via the site-key part of tiCrypt's front end.
- Stewardship of the private site-key.
- Creation and deletion of escrow groups
- Addition and removal of escrow users
Both the site key and private key must be guarded with great care because they can escrow other users' keys and serve as the escrow keys.
Various escrow scenarios may occur that involve the Site-key admin and a Super-admin.
A Site-key is a key that is used for very limited and specific scenarios that involve escrow users.
In tiCrypt, there is a single site-key admin.
If the site-key is compromised, the security of the user's keys can be as well compromised.
Site-key actions do not take effect until a tiCrypt administrator adds them to the system using the certificates interface.
This site-key admin is not one that is involved and/or uses tiCrypt the way a user, admin, or super admin does.
The site-key admin is the only user in the system that must be signed off by Tera Insights.
The site-key administration is fully dissociated from the tiCrypt backend and does not require any backend access.
The site-key is only used to sign digital orders that indicate escrow users and group administration.
Once signed, the site-key administration orders can be safely emailed or transferred via common means to the tiCrypt administrator.
The Site-key admin is a remote individual who can add and remove escrow users as well as add and remove escrow groups.
It is highly recommended Internet access is disabled during site-key activities.
Create and activate Site-key
To create a Site-key:
- The user must select the interface dropdown to
Site-key
located at the top right side of the login box.
This is defaulted to tiCrypt
.
- Once a user navigates to the correct interface, they can register by selecting the green button.
- They will be directed to a step that explains how the system generates both a
unique private and public key
that defines who the user is.
The private key
must be protected at all costs and must never be distributed.
The public key
, on the other hand, may not only be released but must be given to Tera Insights for countersigning.- Next, the user creates a
password
and then they are directed to download and save both their private and public keys. At this step, there is a default name for both the public and private keys.
The user may choose to download with the default or give each of their keys a name.
The generated key is inactive until counter-signed by Terra Insights and a super-admin.
- Next, the user must email their
public key
to Tera Insights in order for their key to be registered as the site-key for the system. Once the key is countersigned, the user may log in with theirprivate key
as follows.
Create escrow groups
To create an escrow group:
The Site-key admin must log in, and select the
Group
icon located at the top right side of the screen.A modal appears that prompts the user to give the new group a
name
.Once the user clicks , the request will appear in the dashboard.
- If the user would like to edit the request, they can do so by clicking the blue button located at the bottom left of the request.
- If the user would like to completely delete the request, they can do so by clicking the red button.
To continue with the request, the user must sign it by checking the
Sign
box on the bottom right, and then entering theirpassword
.Next, the user must export the certificate by selecting the
Export certificate
button to the right of the Signed Certificates heading.A modal appears that prompts the user to name the exported version of the request then the user must click .
Next, the user must email the downloaded request file to a super-admin in the system.
From there, a super admin must log in to the tiCrypt interface by going to the tab, and navigating to the
Signed Escrow Actions
.From there, the user must select the
Plus
icon located at the top right side of the screen and drag in the requested file that was emailed to them by the site-key admin.Once dropped, the super admin must sign by clicking the check box, and click
Reassign the site-key
It is not common nor encouraged to change the site-key admin unless the site-key password is lost. In the case that it is a necessity, a user must go through the same steps that they take to register as a site-key admin. They must send the public key
to Tera Insights so we can sign off on it.