Digi-CA™

[1] The Root CA, that is at the top of the hierarchy of the CA environment, as well as Subordinate CAs residing on a lower level of the CA hierarchy, are created using the Key Ceremony. The Key Ceremony is conducted and supervised by the Key Ceremony Administrator with an optional support of Key Generation Ceremony Administrator and the procedure is carried out with the following primary responsibilities:

• Generating Cryptographic Key Pairs
• Creating properly named and configured CAs.
• Creating CAs in a secure, auditable manner that can be trusted.
• Providing ongoing CA support and maintenance.

To meet these responsibilities, the Key Ceremony Administrator is involved in every phase of the CA life cycle. The six phases of the CA life cycle are described in the following sub sections:

1.Key Generation Ceremony

2.Definition

3.Preparation

4.Creation

5.Activation

6.Maintenance

7.Recertification

• Key Generation Ceremony

During a Key Ceremony in which a CA is created, usually either new cryptographic key pair is generated and assigned to a new CA or alternatively a previously generated (pre-generated) key pair can be assigned to a new CA. Cryptographic key pairs are generated during a key generation ceremony, that itself can either be a separate event (i.e. previously performed Key Generation Ceremony or a Key Ceremony related to recertification of an existing CA) or a part of the entire Key Ceremony and the latter is described in this manual. There are typically three phases of the Key Generation Ceremony and these are described in the following sub sections:

1.Key Access Component Card Set Configuration
2.Key Pair Generation