Purpose: Secure, auditable generation of CA keys
Participants: At least 3-4 persons (split control)
Duration: 2-4 hours
Formal procedure for generating CA keys with split responsibility and audit trail.
| Reason | Description |
| ——– | ————- |
| Compliance | ISO 27001, BSI baseline protection, WebTrust |
| Split control | No single person has complete access |
| Auditability | Documented, verifiable process |
| Integrity | Proof of correct key generation |
| Role | Responsibility | Min. Count |
| —— | —————- | ———— |
| Ceremony Lead | Leads process, documents | 1 |
| Crypto Officer | Holds key share, performs actions | 2+ |
| Auditor/Witness | Observes, signs protocol | 1 |
| IT Security | Approves, monitors compliance | 1 (optional) |
| # | Task | Responsible | Done |
| — | —— | ————- | —— |
| 1 | Reserve room (no windows, CCTV) | Ceremony Lead | |
| 2 | Prepare HSM/air-gap system | IT | |
| 3 | Participants confirmed | Lead | |
| 4 | Provide smartcards/USB drives | Lead | |
| 5 | Print protocol template | Lead | |
| 6 | Organize photographer/video (optional) | Lead |
1. Identify all participants (check ID) 2. Start protocol with: - Date, time, location - All attendees (name, role, signature) 3. Collect mobile phones 4. Explain purpose of ceremony 5. Confirm roles
# Verify air-gap system # 1. Network disabled? ip link show # No active interfaces # 2. Check BIOS boot log dmesg | grep -i network # 3. Check HSM status (if used) /opt/hsm/bin/status # Expected result: Uninitialized or Ready
#!/bin/bash # key-ceremony-generate.sh echo "=== ROOT CA KEY GENERATION ===" echo "Date: $(date -Iseconds)" echo "System: $(hostname)" # 1. Check entropy quality echo "" echo "--- Entropy Check ---" cat /proc/sys/kernel/random/entropy_avail # Expected result: > 3000 # 2. Generate Root CA key echo "" echo "--- Key Generation ---" # ECDSA P-384 (Classic) openssl ecparam -genkey -name secp384r1 -noout -out root-ca-ecdsa.key echo "ECDSA P-384: $(openssl ec -in root-ca-ecdsa.key -text -noout 2>&1 | head -1)" # ML-DSA-87 (Post-Quantum) - if OpenSSL 3.6+ openssl genpkey -algorithm ML-DSA-87 -out root-ca-mldsa.key 2>/dev/null if [ $? -eq 0 ]; then echo "ML-DSA-87: Generated" else echo "ML-DSA-87: Not available (OpenSSL < 3.6)" fi # 3. Record key fingerprints echo "" echo "--- Key Fingerprints ---" openssl ec -in root-ca-ecdsa.key -pubout -outform DER 2>/dev/null | sha256sum # Record: SHA256 = ... # 4. Create CSR (for cross-certification or self-signed) echo "" echo "--- CSR Generation ---" openssl req -new -key root-ca-ecdsa.key \ -out root-ca.csr \ -subj "/CN=Example Organization Root CA/O=Example Organization/C=DE" # 5. Create self-signed root echo "" echo "--- Self-Signed Certificate ---" openssl x509 -req -in root-ca.csr \ -signkey root-ca-ecdsa.key \ -out root-ca.pem \ -days 9125 \ -extfile root-ca.ext \ -sha384 # Verify certificate openssl x509 -in root-ca.pem -text -noout | head -30
# Shamir Secret Sharing echo "=== KEY SPLIT ===" # 5 shares, 3 needed for recovery cat root-ca-ecdsa.key | ssss-split -t 3 -n 5 -w root-ca-share # Write shares to smartcards/USB for i in 1 2 3 4 5; do echo "Share $i -> Smartcard/USB $i" # cp root-ca-share-$i /mnt/smartcard-$i/ done # Securely delete original key shred -vfz -n 3 root-ca-ecdsa.key rm root-ca-ecdsa.key
# 1. Can certificate sign? echo "Test signature..." echo "test" | openssl dgst -sha384 -sign root-ca-ecdsa.key 2>/dev/null && echo "OK" # 2. Can key shares be combined? ssss-combine -t 3 << EOF <Share-1> <Share-2> <Share-3> EOF > /tmp/restored.key # Compare diff <(openssl ec -in /tmp/restored.key -pubout) <(openssl ec -in root-ca-ecdsa.key -pubout)
1. Seal key shares in tamper-evident bags 2. Each crypto officer receives their share 3. Backup shares to safe(s) 4. Record bag serial numbers 5. Collect handover signatures
1. Securely delete all temporary files shred -vfz -n 3 /tmp/*.key /tmp/*.pem 2. Shut down system (air-gap) 3. Complete protocol: - End time - All signatures - Photo/video index 4. Seal and archive protocol
KEY CEREMONY PROTOCOL ===================== Ceremony ID: KC-2024-001 Date: ________________ Start: _______ End: _______ Location: ____________________________ PARTICIPANTS: | Name | Role | ID No. | Signature | |------|------|--------|-----------| | | | | | | | | | | | | | | | | | | | | KEY DETAILS: - Algorithm: ECDSA P-384 / ML-DSA-87 - Key ID: _______________ - Public Key Hash (SHA256): ______________________ - Certificate Serial: _______________ - Validity: _______ to _______ KEY SHARES: | Share | Bag No. | Custodian | Handover Signature | |-------|---------|-----------|-------------------| | 1 | | | | | 2 | | | | | 3 | | | | | 4 | | | | | 5 | | | | VERIFICATION: [ ] Entropy > 3000 [ ] Key successfully generated [ ] Certificate self-signed [ ] Key shares created (3-of-5) [ ] Shares verified [ ] Original key deleted [ ] Shares distributed and sealed CLOSING: [ ] Temporary files deleted [ ] System shut down [ ] Protocol complete _______________________________ Ceremony Lead Signature _______________________________ Auditor/Witness Signature
# Luna HSM Key Ceremony /usr/safenet/lunaclient/bin/lunacm << 'EOF' # Create partition partition create -label "Root-CA" # Generate key partition contents -slot 0 generateKeyPair -keyType ECDSA -curvetype secp384r1 -label "root-ca-2024" # Create backup partition backup -serialNumber <HSM-Serial> EOF
| # | Checkpoint | Done |
| — | ———— | —— |
| 1 | At least 3 persons present | |
| 2 | Identities verified | |
| 3 | Air-gap system verified | |
| 4 | Sufficient entropy | |
| 5 | Key generated | |
| 6 | Shares created and distributed | |
| 7 | Shares verified | |
| 8 | Original key securely deleted | |
| 9 | Protocol signed | |
| 10 | Protocol archived |
« <- CA Backup/Restore | -> Emergency Revocation »
Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional