The security of the BoB infrastructure relies heavily on strong cryptographic mechanisms to secure data integrity and data origin authentication. Secure management of the private encryption keys is therefore of utmost importance. This chapter provides an overview of which types of keys are used, and what they are used for.

Metadata

The Metadata, as described here and in MTS4, are secured using both client- and server-side keys. The client-side keys are used for adding, updating and removing metadata pertaining to a participant. The server-side keys are used to sign the Metadata before it is distributed to the participants, and the signed Metadata hence needs to be validated by the receiving party.

...

How a Device Key is derived from the KDK is described in MTS2. As Device Keys are stored in non-secure environments, it is appropriate to roll them regularly. Likewise, it is also reasonable to rotate KDKs, as they are distributed over a potentially large number of participants and devices. The required timing for updating the KDK is determined bilaterally between the participants, which would also affect any roll-over schedules. KDKs are generally valid for as long as they are available through the Devices API. During a roll-over several KDKs will normally have to be available, and the receiving party should accept them all as valid. When a key is no longer available through the API, it must be removed from all validating devices.
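
The roll-over rule above, as an added example (not code from the BoB specification): a validating device mirrors the set of KDKs currently published, accepts any of them during a roll-over, and drops a KDK once it is withdrawn. The key ids, the dict standing in for the Devices API response, the HMAC-SHA256 derivation and the HMAC tag are assumptions; the actual Device Key derivation is the one defined in MTS2.

```python
import hashlib
import hmac


def derive_device_key(kdk: bytes, device_id: str) -> bytes:
    # Stand-in derivation (assumption): the real one is defined in MTS2.
    return hmac.new(kdk, device_id.encode(), hashlib.sha256).digest()


class KdkCache:
    """KDKs held by a validating device, keyed by a hypothetical key id."""

    def __init__(self):
        self._kdks = {}

    def sync(self, published: dict) -> list:
        """Mirror the set currently published by the API; return removed ids."""
        removed = sorted(set(self._kdks) - set(published))
        self._kdks = dict(published)  # withdrawn keys are dropped, not kept
        return removed

    def verify(self, device_id: str, message: bytes, tag: bytes):
        """Return the id of the KDK whose derived key validates tag, else None."""
        match = None
        for kid, kdk in self._kdks.items():
            key = derive_device_key(kdk, device_id)
            expected = hmac.new(key, message, hashlib.sha256).digest()
            if hmac.compare_digest(expected, tag):
                match = kid
        return match


def demo():
    # Constructed sample keys, device id and message; not real values.
    old, new = b"\x01" * 32, b"\x02" * 32
    msg = b"constructed message"
    tag_old = hmac.new(derive_device_key(old, "device-A"), msg, hashlib.sha256).digest()
    tag_new = hmac.new(derive_device_key(new, "device-A"), msg, hashlib.sha256).digest()

    cache = KdkCache()
    cache.sync({"kdk-1": old})
    during = cache.sync({"kdk-1": old, "kdk-2": new})  # roll-over: both published
    both = (cache.verify("device-A", msg, tag_old),
            cache.verify("device-A", msg, tag_new))
    after = cache.sync({"kdk-2": new})                 # kdk-1 withdrawn
    stale = cache.verify("device-A", msg, tag_old)     # must no longer validate
    return during, both, after, stale
```
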

...