Skip to main content

Sitekey Admin

What is the Purpose of the Site-Key in tiCrypt?

The Site-key is a unique private key designed for specific scenarios involving escrow users.

In tiCrypt, the site-key mechanism, managed by the Site-key Administrator, ensures effective management of escrow users. To function, the site key must be counter-signed by Tera Insights, LLC and integrated into the tiCrypt backend via a configuration file.

What are the Site-key Admin Activities?

  1. Key Pair Generation: The Site-key Administrator generates a public-private key pair using tiCrypt’s front-end dedicated to site-key operations.

  2. Private Key Stewardship: Maintaining the security of the private site-key is essential, as it underpins the security of escrow keys and, by extension, user keys.

  3. Escrow Group Management: The Site-key Administrator is responsible for creating and disbanding escrow groups according to operational needs.

  4. Escrow User Management: This involves adding new escrow users to groups and removing them as required to maintain system security and functionality.

These responsibilities highlight the pivotal role of the Site-key Administrator in maintaining tiCrypt's security framework and safeguarding user data through meticulous key and access management.

What is the Journey of the Site-key?

  1. Received and counter-signed by Tera Insights LLC.
  2. Fully dissociated from the tiCrypt backend.
  3. Can be shared only via super-admin collaboration.
  4. Only used to sign digital orders that indicate escrow users and group administration.
  5. Once signed, it is safely emailed or transferred via thumb drives to the tiCrypt super-administrator.
note
  • The system does not know where the site-key resides.
  • The site-key administration is fully dissociated form the tiCrypt backend and does not require any backend access.
  • There is a single site-key admin in every system. If the site-key admin leaves the organization, a new set of site-keys is produced.
info

The generated public key file (pub.json) of the site-key pair remains inactive until it is counter-signed by Tera Insights.