Generation Events

Key Generation Ceremony

• 6. [1] The removable media disks holding backup copies of our keys will now be separated placed into sealed envelopes and sent to be held at separate bank deposit facilities immediately after this ceremony.
We note, that each media disk was removed from this computer sequentially for storage purposes in each of the indicated storage facilities.




• 7. The Key Generation Ceremony is now declared complete.

Controls

During the Key Generation Ceremony, at least two people from the Key Ceremony Attendees list of personnel were present at all times. No other personnel were permitted access to the room. The Cryptographic Operation Control Software required a PIN code to be entered before the software could communicate with any smart card (holding encryption key component [Key Access Component Card]) used during the Key Generation Ceremony.

6. Signing Event

• 6.1 Root CA Signing
1. An IBM compatible computer (hereafter referred to as "the computer") was set up in a room providing strict personnel access control, security camera monitoring [and electronic isolation from any computer networks].


2. The computer has a hard disk which has been pre-prepared with a fresh installation of a [Red Hat Enterprise Linux, version 5.0] operating system, the requisite HSM driver, nToken authentication PCI device, HSM device Support Software and the
Digi-CA™ PKI [2] System, both acting as the Cryptographic Operation Control Software. The software was tested for correct operation prior to the Key Ceremony by using an HSM reserved for backup purposes.


3. The hard disk installed in the computer contains an encrypted key repository, from which we will load necessary private keys into a securely protected operational memory of our HSM device.


4. The first HSM device (designated #1) was removed from production and connected to the computer prior to this ceremony and the event was monitored and supervised by an appointed company’s Head of Security. The Cryptographic Operation Control Software is now about to be used to cause the numbered (in section 3 above) operations to occur in the following sequence: 10.

During this step, the Key Ceremony Administrator, using the Cryptographic Operation Control Software, will create new self-signed Root CA Certificate and assign it to a dedicated private key that was previously generated during this ceremony.

To complete this process, the Key Ceremony Administrator will use a Naming Document, that contains the details of the new Root CA Certificate we are about to sign, to create a certificate profile configuration file, containing various certificate related information such as: Subject Distinguished Name, Validity Period, Signature Algorithm, Certificate Serial Number and Certificate extensions. The certificate profile configuration file will be used by the Cryptographic Operation Control Software to create the new Root CA certificate.

All attending Witnesses must ensure, that the certificate details entered into the certificate profile configuration file by the Key Ceremony Administrator, match the details contained in the Naming Document used during this ceremony. The new Root CA Certificate details must be taken from the section of the Naming Document specifically dedicated for the correct Root CA, for which the Root CA Certificate is created.

Key Ceremony Administrator will capture and store during this step any relevant informational output produced on the computer screen by the Cryptographic Operation Control Software in the Key Map Document.
Upon directing the Cryptographic Operation Control Software to sign the new Root CA Certificate, the dedicated private key will need to be loaded to the HSM securely protected operational memory.