Key Management

TrustGrid Key Management

TrustGrid securely stores identities in a distributed ledger. The ledger service is provided by trusted execution nodes running Microsoft’s CCF.

TrustGrid Consortium Ledger Keys

  • Ledger Encryption Secret Wrapping Key (Kz) - Wraps the Ledger Secret; used when exporting the ledger secret shares to members.

  • Ledger Encryption Secret (Sd) - Ledger secret used to encrypt ledger secrets or private ledger entries.

  • Consortium Credential Encryption Key - Protects identity owners' encrypted credentials. This key is global within a consortium.
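The two-level relationship between Kz and Sd above is a standard envelope pattern: the wrapping key never touches ledger data, it only protects the ledger secret while that secret is exported, and the ledger secret is what encrypts entries. The following Go program is an added illustration of that separation, not TrustGrid or CCF code. It assumes AES-256-GCM for both levels, binds a member identifier into the wrapped blob's associated data, and binds a sequence number into each encrypted entry; all of those choices, the function names and the blob layout (nonce || ciphertext || tag) are assumptions. CCF's actual splitting of the ledger secret into per-member shares is not shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// NewKey returns a fresh 256-bit key; used below for both Kz and Sd.
func NewKey() ([]byte, error) {
	k := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return nil, err
	}
	return k, nil
}

// seal encrypts plaintext with AES-256-GCM under key and authenticates aad.
// Output layout (assumed, not TrustGrid's format): nonce || ciphertext || tag.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends the ciphertext and tag to the nonce it is given as dst.
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal; it fails if the key, nonce, ciphertext or aad was altered.
func open(key, blob, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, fmt.Errorf("blob too short to contain a nonce")
	}
	nonce, ct := blob[:aead.NonceSize()], blob[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, aad)
}

// WrapLedgerSecret plays the Kz role: it wraps Sd for export to one member.
// The member id is bound as AAD (an assumption), so a blob wrapped for one
// member does not unwrap under another member's id.
func WrapLedgerSecret(kz, sd []byte, memberID string) ([]byte, error) {
	return seal(kz, sd, []byte("member:"+memberID))
}

// UnwrapLedgerSecret recovers Sd from a blob produced by WrapLedgerSecret.
func UnwrapLedgerSecret(kz, wrapped []byte, memberID string) ([]byte, error) {
	return open(kz, wrapped, []byte("member:"+memberID))
}

// EncryptEntry plays the Sd role: it protects one private ledger entry. The
// sequence number is bound as AAD so a ciphertext cannot be moved to another position.
func EncryptEntry(sd []byte, seqno uint64, entry []byte) ([]byte, error) {
	return seal(sd, entry, []byte(fmt.Sprintf("seqno:%d", seqno)))
}

// DecryptEntry reverses EncryptEntry for the given sequence number.
func DecryptEntry(sd []byte, seqno uint64, blob []byte) ([]byte, error) {
	return open(sd, blob, []byte(fmt.Sprintf("seqno:%d", seqno)))
}

func main() {
	kz, _ := NewKey()
	sd, _ := NewKey()
	wrapped, _ := WrapLedgerSecret(kz, sd, "member-1")
	ct, _ := EncryptEntry(sd, 42, []byte("constructed private ledger entry"))

	// A member holding Kz and its wrapped blob recovers Sd and can read the entry.
	recovered, _ := UnwrapLedgerSecret(kz, wrapped, "member-1")
	pt, err := DecryptEntry(recovered, 42, ct)
	fmt.Printf("entry: %q err: %v\n", pt, err)

	// Kz alone does not open entries, and the blob is tied to the member it was wrapped for.
	_, err = DecryptEntry(kz, 42, ct)
	fmt.Println("Kz used directly on an entry:", err)
	_, err = UnwrapLedgerSecret(kz, wrapped, "member-2")
	fmt.Println("unwrap under another member id:", err)
}
```

The point to take from the failing cases is that compromise of one wrapped blob does not expose other members' exports, and that whoever audits this design should check that Kz is used only for wrapping and never reaches the entry-encryption path.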

TrustGrid Consortium Access Levels

  • Identity Owner - An end user. Identity owners can hold confidential credentials, which are stored encrypted.

  • Member - A consortium member, who can access the core consortium-level API. Member APIs can query identities.

  • Service - Access to the core consortium-level API. Service APIs can add or remove identities and add or remove services.

TrustGrid Core Consortium Access Keys

  • Core Consortium Member ID Key Pair (CCF Member ID) - A key pair used internally by TrustGrid to call core consortium APIs for its daily operations.

  • Core Consortium Member Encryption Key Pair (CCF Member Enc) - A key pair used internally by TrustGrid to receive secret shares from the consortium for ledger maintenance.

  • Consortium Authentication Key - Authenticates access for TrustGrid identity owners. This key is global within a consortium.

  • Identity Owner Key Pair - This key pair is used to generate a signed consent that enables sharing credentials with another identity owner.
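The signed consent issued with the Identity Owner Key Pair is the one user-facing signing operation on this page. The Go program below is an added example of what such a consent might contain and what a verifier must check before releasing a credential; it is not TrustGrid's consent format. The Consent fields, the P-256/ECDSA choice, the JSON canonicalisation and every function name are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Consent is the statement the identity owner signs. The field set is an
// assumption; the page only says a signed consent enables sharing a credential.
type Consent struct {
	Owner      string `json:"owner"`      // identity owner granting access
	Recipient  string `json:"recipient"`  // identity owner allowed to receive the credential
	Credential string `json:"credential"` // which credential is being shared
	NotAfter   int64  `json:"not_after"`  // unix seconds after which the consent is void
}

// NewIdentityOwnerKey generates the owner's P-256 key pair (assumed curve).
func NewIdentityOwnerKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// digest hashes the canonical encoding of the consent. encoding/json writes
// struct fields in declaration order, so signer and verifier hash identical bytes.
func digest(c Consent) ([]byte, error) {
	msg, err := json.Marshal(c)
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256(msg)
	return h[:], nil
}

// SignConsent produces the owner's DER-encoded ECDSA signature over the consent.
func SignConsent(priv *ecdsa.PrivateKey, c Consent) ([]byte, error) {
	h, err := digest(c)
	if err != nil {
		return nil, err
	}
	return ecdsa.SignASN1(rand.Reader, priv, h)
}

// VerifyConsent is what a party holding the owner's public key checks before
// releasing the credential to recipient at time now. All three conditions must
// hold: the consent names this recipient, it has not expired, and the signature
// is the owner's.
func VerifyConsent(pub *ecdsa.PublicKey, c Consent, sig []byte, recipient string, now time.Time) error {
	if c.Recipient != recipient {
		return errors.New("consent was not issued to this recipient")
	}
	if now.Unix() > c.NotAfter {
		return errors.New("consent has expired")
	}
	h, err := digest(c)
	if err != nil {
		return err
	}
	if !ecdsa.VerifyASN1(pub, h, sig) {
		return errors.New("signature does not match the identity owner's key")
	}
	return nil
}

func main() {
	priv, _ := NewIdentityOwnerKey()
	now := time.Now()
	// Constructed sample consent: alice lets bob read her "diploma" credential for one hour.
	c := Consent{Owner: "alice", Recipient: "bob", Credential: "diploma", NotAfter: now.Add(time.Hour).Unix()}
	sig, _ := SignConsent(priv, c)

	fmt.Println("bob now:        ", VerifyConsent(&priv.PublicKey, c, sig, "bob", now))
	fmt.Println("carol now:      ", VerifyConsent(&priv.PublicKey, c, sig, "carol", now))
	fmt.Println("bob in 2 hours: ", VerifyConsent(&priv.PublicKey, c, sig, "bob", now.Add(2*time.Hour)))
}
```

Rewriting the recipient field after signing also fails, because the signature covers the whole canonical encoding; a verifier that checked only the signature and not the recipient or expiry would let a consent be replayed by anyone who obtained it.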

TrustGrid Consortium Ledger Keys

Key material at the ledger level is internal to TrustGrid. It is used mainly to maintain the confidentiality, integrity, and authenticity of the ledger. Registered identity owners have access only to the Identity APIs.