The root key is never stored on the CA server.

Example B: Machine Readable Travel Document ID Card or e Passport

The customer may opt to have the root key stored in a hardware security module, but in most cases, the safe storage of the root key on a CD or hard disk is admissible. Unless the information being accessed or transmitted is valued in terms of millions of dollars, it is generally adequate that the root key ceremony be conducted within the security of the vendor's laboratory. These digital certificates are made from a public and a private key.

Example A: These passcodes are used for strong identification and non-repudiation for email and web access.

The keys and certificates mentioned are the credentials and safeguards for the system. Prompts for information from this zone can be done through a server. A root key is a term for a unique passcode that must be generated for secure server interaction with a protective network, usually called the root zone. A commonly recognized practice is to follow the SAS 70 standard for root key ceremonies.

At the heart of every certificate authority (CA) is at least one root key or root certificate and usually at least one intermediate root certificate. Depending on the certificate policy, the generation of the root keys may require notarization, legal representation, witnesses, and "key holders" to be present, as the information on the system is the responsibility of the parties. In public-key cryptography and computer security, a root key ceremony is a procedure where a unique pair of public and private root keys is generated.

A public example is the signing of the DNS root zone for DNSSEC. In cryptography, a key ceremony is a ceremony held to generate or use a cryptographic key.