# Keys

## Overview

In MOSIP, every cryptographic key is referenced by an Application Id and a Reference Id.

Refer [Keymanager](https://github.com/mosip/keymanager/tree/1.2.0-rc2) for further details.

## Various keys used in MOSIP

| S No. | Key                                                   | Application ID          | Reference ID        | Key type | Objects                                           | Storage                                           | Generated by                 | Comment                                               |
| ----- | ----------------------------------------------------- | ----------------------- | ------------------- | -------- | ------------------------------------------------- | ------------------------------------------------- | ---------------------------- | ----------------------------------------------------- |
| K1    | Kernel Root                                           | ROOT                    | -                   | RSA 2048 | Private key, self signed certificate              | HSM-1                                             | Country                      | Auto generated by key generator                       |
| K2    | Registration                                          | REGISTRATION            | -                   | RSA 2048 | Private key, certificate signed by Kernel Root    | HSM-1                                             | Country                      | Auto generated by key generator                       |
| K3    | PreReg                                                | PRE\_REGISTRATION       | -                   | RSA 2048 | Private key, certificate signed by Kernel Root    | HSM-1                                             | Country                      | Auto generated by key generator                       |
| K4    | Kernel Sign                                           | KERNEL                  | SIGN                | RSA 2048 | Private key, certificate signed by Kernel Root    | HSM-1                                             | Country                      | Auto generated by key generator                       |
| K5    | Registration Processor                                | REGISTRATION\_PROCESSOR | -                   | RSA 2048 | Private key, certificate signed by Kernel Root    | HSM-1                                             | Country                      | Auto generated by key generator                       |
| K6    | PMS                                                   | PMS                     | -                   | RSA 2048 | Private key, certificate signed by Kernel Root    | HSM-1                                             | Country                      | Auto generated by key generator                       |
| K7    | ID Repo                                               | ID\_REPO                | -                   | RSA 2048 | Private key, certificate signed by Kernel Root    | HSM-1                                             | Country                      | Auto generated by key generator                       |
| K7.1  | ID Repo                                               | ID\_REPO                | demographic\_data   | RSA 2048 | Private key, certificate signed by ID Repo        | KeyMgr DB                                         | System                       | Auto-generated when accessed                          |
| K7.2  | ID Repo                                               | ID\_REPO                | biometric\_data     | RSA 2048 | Private key, certificate signed by ID Repo        | KeyMgr DB                                         | System                       | Auto-generated when accessed                          |
| K7.3  | ID Repo                                               | ID\_REPO                | identity\_data      | RSA 2048 | Private key, certificate signed by ID Repo        | KeyMgr DB                                         | System                       | Auto-generated when accessed                          |
| K7.4  | ID Repo                                               | ID\_REPO                | uin                 | RSA 2048 | Private key, certificate signed by ID Repo        | KeyMgr DB                                         | System                       | Auto-generated when accessed                          |
| K7.5  | ID Repo                                               | ID\_REPO                | credential\_request | RSA 2048 | Private key, certificate signed by ID Repo        | KeyMgr DB                                         | System                       | Auto-generated when accessed                          |
| K8    | Resident Services                                     | RESIDENT                | -                   | RSA 2048 | Private key, certificate signed by Kernel Root    | HSM-1                                             | Country                      | Auto generated by key generator                       |
| K9    | Kernel Identity Cache                                 | KERNEL                  | IDENTITY\_CACHE     | AES 256  | Symmetric key                                     | HSM-1                                             | Country                      | Auto generated by key generator                       |
| K10   | Registration Client (TPM)                             | -                       | -                   | RSA 2048 | Private key, certificate                          | Client TPM (private key), Server DB (Certificate) | Registration Client Software | Auto generated by Registration Client Software in TPM |
| K11   | Registration Client Packet Encryption                 | REGISTRATION            | CenterID\_MachineID | RSA 2048 | Private key, certificate signed by Registration   | Server DB (private key), Client DB (Certificate)  | System                       | Auto-generated when accessed                          |
| K12   | Data Share (10000 keys) for zero knowledge encryption | -                       | -                   | AES 256  | Symmetric key, encrypted by Kernel Identity Cache | KeyMgr DB                                         | System                       | Auto generated by key generator                       |
| K13   | CA / Sub-CA certificates                              | -                       | -                   | X.509    | Certificates                                      | PMS DB                                            | CA                           | Manually Uploaded                                     |
| K14   | [Partner certificates](#partner-keys)                 | PARTNER                 | PartnerID           | X.509    | Certificates signed by CA                         | PMS DB                                            | Partners                     | Manually Uploaded                                     |
| K15   | IDA Root                                              | ROOT                    | -                   | RSA 2048 | Private key, self signed certificate              | HSM-2                                             | Country                      | Auto generated by key generator                       |
| K16   | IDA                                                   | IDA                     | -                   | RSA 2048 | Private key, certificate signed by IDA Root       | HSM-2                                             | Country/IDA Partner          | Auto generated by key generator                       |
| K17   | IDA Sign                                              | IDA                     | SIGN                | RSA 2048 | Private key, certificate signed by IDA Root       | HSM-2                                             | Country                      | Auto generated by key generator                       |
| K18   | IDA Identity Cache                                    | IDA                     | IDENTITY\_CACHE     | AES 256  | Symmetric key                                     | HSM-2                                             | Country                      | Auto generated by key generator                       |
| K19   | IDA Internal                                          | IDA                     | INTERNAL            | RSA 2048 | Private key, certificate signed by IDA            | IDA DB                                            | System                       | Auto-generated when accessed                          |
| K20   | IDA Partner                                           | IDA                     | PARTNER             | RSA 2048 | Private key, certificate signed by IDA            | IDA DB                                            | System                       | Auto-generated when accessed                          |
| K21   | IDA FIR                                               | IDA                     | FIR                 | RSA 2048 | Private key, certificate signed by IDA            | IDA DB                                            | System                       | Auto-generated when accessed                          |
| K22   | IDA Cred Service                                      | IDA                     | CRED\_SERVICE       | RSA 2048 | Private key, certificate signed by IDA            | IDA DB                                            | System                       | Auto-generated when accessed                          |

## Partner keys

| SNo. | Partners                        | Application ID | ReferenceID                                          | Partner Domain | Partner Type Code             |
| ---- | ------------------------------- | -------------- | ---------------------------------------------------- | -------------- | ----------------------------- |
| PK1  | ABIS                            | PARTNER        | mpartner-default-abis (or partner ID)                | AUTH           | ABIS\_Partner                 |
| PK2  | Device Providers                | PARTNER        | Partner ID                                           | DEVICE         | Device\_Provider              |
| PK3  | Print Service Provider          | PARTNER        | mpartner-default-print (or partner ID)               | AUTH           | Credential\_Partner           |
| PK4  | Auth Providers or Relying Party | PARTNER        | Partner ID                                           | AUTH           | Auth\_Partner                 |
| PK5  | FTM Providers (per Chip Model)  | PARTNER        | Partner ID                                           | FTM            | FTM\_Provider                 |
| PK6  | MISP                            | PARTNER        | Partner ID                                           | AUTH           | MISP\_Partner                 |
| PK7  | Manual Adjudicator              | PARTNER        | mpartner-default-manual-adjudication (or partner ID) | AUTH           | Manual\_Adjudication          |
| PK8  | IDA system                      | PARTNER        | mpartner-default-auth (or partner ID)                | AUTH           | Online\_Verification\_Partner |
| PK9  | Resident Services               | PARTNER        | mpartner-default-resident (or partner ID)            | AUTH           | Credential\_Partner           |

## Device specific keys

| S No. | Key                | Key type | Objects                              | Storage          | Generated by | Comment                    |
| ----- | ------------------ | -------- | ------------------------------------ | ---------------- | ------------ | -------------------------- |
| DKL0  | Device key SBI 1.0 | RSA 2048 | Private key, self signed certificate | Host machine TPM | MDS          | Auto generated by MDS      |
| DKL1  | Device key SBI 2.0 | RSA 2048 | Private key, self signed certificate | FTM              | FTM Provider | Fused during manufacturing |
| FK1   | FTM key            |          |                                      |                  |              |                            |
