====== Key Ceremony ======

<WRAP round info>
**Purpose:** Secure, auditable generation of CA keys \\
**Participants:** At least 3-4 persons (split control) \\
**Duration:** 2-4 hours
</WRAP>

Formal procedure for generating CA keys with split responsibility and audit trail.

----

===== Why Key Ceremony? =====

| Reason | Description |
|--------|-------------|
| **Compliance** | ISO 27001, BSI baseline protection, WebTrust |
| **Split control** | No single person has complete access |
| **Auditability** | Documented, verifiable process |
| **Integrity** | Proof of correct key generation |

----

===== Roles =====

<mermaid>
flowchart LR
    subgraph ROLES["ROLES"]
        R1[Ceremony Lead]
        R2[Crypto Officer 1]
        R3[Crypto Officer 2]
        R4[Auditor/Witness]
    end

    subgraph KEYS["KEYS"]
        K1[HSM Admin PIN]
        K2[Partition PIN]
        K3[Smartcard 1]
        K4[Smartcard 2]
    end

    R1 --> K1
    R2 --> K2 & K3
    R3 --> K4
    R4 -.->|Observes| R1 & R2 & R3
</mermaid>

| Role | Responsibility | Min. Count |
|------|----------------|------------|
| **Ceremony Lead** | Leads process, documents | 1 |
| **Crypto Officer** | Holds key share, performs actions | 2+ |
| **Auditor/Witness** | Observes, signs protocol | 1 |
| **IT Security** | Approves, monitors compliance | 1 (optional) |

----

===== Preparation =====

==== Checklist 24h Before ====

| # | Task | Responsible | Done |
|---|------|-------------|------|
| 1 | Reserve room (no windows, CCTV) | Ceremony Lead | |
| 2 | Prepare HSM/air-gap system | IT | |
| 3 | Participants confirmed | Lead | |
| 4 | Provide smartcards/USB drives | Lead | |
| 5 | Print protocol template | Lead | |
| 6 | Organize photographer/video (optional) | Lead | |

==== Materials ====

  * Air-gap laptop or HSM
  * Smartcards for key shares
  * USB drives (new, sealed)
  * Camera for documentation
  * Tamper-evident bags
  * Protocol forms
  * Pens (non-erasable)

----

===== Ceremony Process =====

==== Phase 1: Opening (15 min) ====

<code>
1. Identify all participants (check ID)
2. Start protocol with:
   - Date, time, location
   - All attendees (name, role, signature)
3. Collect mobile phones
4. Explain purpose of ceremony
5. Confirm roles
</code>

==== Phase 2: Hardware Verification (30 min) ====

<code bash>
# Verify air-gap system
# 1. Network disabled?
ip link show  # No active interfaces

# 2. Check BIOS boot log
dmesg | grep -i network

# 3. Check HSM status (if used)
/opt/hsm/bin/status
# Expected result: Uninitialized or Ready
</code>

==== Phase 3: Key Generation (60 min) ====

<code bash>
#!/bin/bash
# key-ceremony-generate.sh

echo "=== ROOT CA KEY GENERATION ==="
echo "Date: $(date -Iseconds)"
echo "System: $(hostname)"

# 1. Check entropy quality
echo ""
echo "--- Entropy Check ---"
cat /proc/sys/kernel/random/entropy_avail
# Expected result: > 3000

# 2. Generate Root CA key
echo ""
echo "--- Key Generation ---"

# ECDSA P-384 (Classic)
openssl ecparam -genkey -name secp384r1 -noout -out root-ca-ecdsa.key
echo "ECDSA P-384: $(openssl ec -in root-ca-ecdsa.key -text -noout 2>&1 | head -1)"

# ML-DSA-87 (Post-Quantum) - if OpenSSL 3.6+
openssl genpkey -algorithm ML-DSA-87 -out root-ca-mldsa.key 2>/dev/null
if [ $? -eq 0 ]; then
    echo "ML-DSA-87: Generated"
else
    echo "ML-DSA-87: Not available (OpenSSL < 3.6)"
fi

# 3. Record key fingerprints
echo ""
echo "--- Key Fingerprints ---"
openssl ec -in root-ca-ecdsa.key -pubout -outform DER 2>/dev/null | sha256sum
# Record: SHA256 = ...

# 4. Create CSR (for cross-certification or self-signed)
echo ""
echo "--- CSR Generation ---"
openssl req -new -key root-ca-ecdsa.key \
    -out root-ca.csr \
    -subj "/CN=Example Organization Root CA/O=Example Organization/C=DE"

# 5. Create self-signed root
echo ""
echo "--- Self-Signed Certificate ---"
openssl x509 -req -in root-ca.csr \
    -signkey root-ca-ecdsa.key \
    -out root-ca.pem \
    -days 9125 \
    -extfile root-ca.ext \
    -sha384

# Verify certificate
openssl x509 -in root-ca.pem -text -noout | head -30
</code>

==== Phase 4: Key Split (30 min) ====

<code bash>
# Shamir Secret Sharing
echo "=== KEY SPLIT ==="

# 5 shares, 3 needed for recovery
cat root-ca-ecdsa.key | ssss-split -t 3 -n 5 -w root-ca-share

# Write shares to smartcards/USB
for i in 1 2 3 4 5; do
    echo "Share $i -> Smartcard/USB $i"
    # cp root-ca-share-$i /mnt/smartcard-$i/
done

# Securely delete original key
shred -vfz -n 3 root-ca-ecdsa.key
rm root-ca-ecdsa.key
</code>

==== Phase 5: Verification (20 min) ====

<code bash>
# 1. Can certificate sign?
echo "Test signature..."
echo "test" | openssl dgst -sha384 -sign root-ca-ecdsa.key 2>/dev/null && echo "OK"

# 2. Can key shares be combined?
ssss-combine -t 3 << EOF
<Share-1>
<Share-2>
<Share-3>
EOF > /tmp/restored.key

# Compare
diff <(openssl ec -in /tmp/restored.key -pubout) <(openssl ec -in root-ca-ecdsa.key -pubout)
</code>

==== Phase 6: Storage (15 min) ====

<code>
1. Seal key shares in tamper-evident bags
2. Each crypto officer receives their share
3. Backup shares to safe(s)
4. Record bag serial numbers
5. Collect handover signatures
</code>

==== Phase 7: Closing (15 min) ====

<code>
1. Securely delete all temporary files
   shred -vfz -n 3 /tmp/*.key /tmp/*.pem

2. Shut down system (air-gap)

3. Complete protocol:
   - End time
   - All signatures
   - Photo/video index

4. Seal and archive protocol
</code>

----

===== Protocol Template =====

<code>
KEY CEREMONY PROTOCOL
=====================

Ceremony ID: KC-2024-001
Date: ________________
Start: _______ End: _______
Location: ____________________________

PARTICIPANTS:
| Name | Role | ID No. | Signature |
|------|------|--------|-----------|
|      |      |        |           |
|      |      |        |           |
|      |      |        |           |
|      |      |        |           |

KEY DETAILS:
- Algorithm: ECDSA P-384 / ML-DSA-87
- Key ID: _______________
- Public Key Hash (SHA256): ______________________
- Certificate Serial: _______________
- Validity: _______ to _______

KEY SHARES:
| Share | Bag No. | Custodian | Handover Signature |
|-------|---------|-----------|-------------------|
| 1     |         |           |                   |
| 2     |         |           |                   |
| 3     |         |           |                   |
| 4     |         |           |                   |
| 5     |         |           |                   |

VERIFICATION:
[ ] Entropy > 3000
[ ] Key successfully generated
[ ] Certificate self-signed
[ ] Key shares created (3-of-5)
[ ] Shares verified
[ ] Original key deleted
[ ] Shares distributed and sealed

CLOSING:
[ ] Temporary files deleted
[ ] System shut down
[ ] Protocol complete

_______________________________
Ceremony Lead Signature

_______________________________
Auditor/Witness Signature
</code>

----

===== HSM Key Ceremony =====

<code bash>
# Luna HSM Key Ceremony
/usr/safenet/lunaclient/bin/lunacm << 'EOF'

# Create partition
partition create -label "Root-CA"

# Generate key
partition contents -slot 0
generateKeyPair -keyType ECDSA -curvetype secp384r1 -label "root-ca-2024"

# Create backup
partition backup -serialNumber <HSM-Serial>

EOF
</code>

----

===== Checklist =====

| # | Checkpoint | Done |
|---|------------|------|
| 1 | At least 3 persons present | |
| 2 | Identities verified | |
| 3 | Air-gap system verified | |
| 4 | Sufficient entropy | |
| 5 | Key generated | |
| 6 | Shares created and distributed | |
| 7 | Shares verified | |
| 8 | Original key securely deleted | |
| 9 | Protocol signed | |
| 10 | Protocol archived | |

----

===== Related Documentation =====

  * [[.:ca-backup-restore|CA Backup/Restore]] - Key recovery
  * [[.:notfall-revocation|Emergency Revocation]] - On compromise
  * [[en:int:pqcrypt:business:compliance|Compliance]] - Regulatory requirements

----

<< [[.:ca-backup-restore|<- CA Backup/Restore]] | [[.:notfall-revocation|-> Emergency Revocation]] >>

----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//

{{tag>key-ceremony hsm audit compliance operator}}