3.9.5 Keys

ZTrust employs authentication protocols that require cryptographic signatures and encryption to ensure secure communication. It uses asymmetric key pairs, which consist of a private key and a public key, to achieve this.

  • At any given time, only one key pair is actively used for generating new signatures.

  • Multiple passive key pairs are retained for verifying previously issued signatures.

  • This approach allows for seamless key rotation without affecting users or causing downtime.

Fig 3.9.5.a: Keys, Secure Communication with Key Pairs

Click the Refresh button to see the latest settings.

Fig 3.9.5.b: Keys, Specify the page size

You can also choose how many keys you want to display on one screen. Select your preferred option from the dropdown menu as shown above.

You can use the search box to find a specific key.

Algorithm - Specifies the encryption algorithm used to generate the keys.

Active - Indicates the key that ZTrust is actively using.

Type - Denotes the type of encryption algorithm used.

Kid - The Key ID — a unique identifier generated using the algorithm.

Use - Defines how the key is used. For example, ENC signifies encryption.

Provider - Indicates the origin or source of the algorithm used by ZTrust.

Valid to - Specifies the expiration date of the key.

Public Key - Contains the public key used to authenticate the sender of encrypted data.

Fig 3.9.5.c: Keys, Public key

Certificate - Displays the certificate issued to the provider for authenticity. If present, it confirms the key’s validity.

Fig 3.9.5.d: Keys, Certificate

Key Categories

ZTrust organizes keys into three categories:

1. Active Keys

  • Actively used for signing and encryption.

  • Only one active key pair exists at any time.

2. Passive Keys

  • Keys retained for verifying older signatures.

  • Cannot be modified or directly used.

  • Useful during key rotation to avoid authentication issues.

3. Disabled Keys

  • Keys that are no longer in use and have been intentionally disabled.

  • Can be searched, viewed, or deleted if no longer needed.

Fig 3.9.5.e: Keys, Specify key categories

You can select the keys you want to view by clicking on the dropdown menu.

Passive

Fig 3.9.5.f: Keys, Search Passive key

The Passive Keys section lists keys that you do not interact with directly. You have no control over these keys.

You can use the search box to find a specific key.

Click the Refresh button to see the latest settings.

Fig 3.9.5.g: Keys, Select the page format

You can also choose how many keys you want to display on one screen. Select your preferred option from the dropdown menu as shown above.

Disabled

Fig 3.9.5.h: Keys, Select disabled keys

This tab lists the keys that are not enabled or are not intended for use.

You can use the search box to find a specific key.

Click the Refresh button to see the latest settings.

You can also choose how many keys you want to display on one screen. Select your preferred option from the dropdown menu as shown above.

Fig 3.9.5.i: Keys, Add and Manage Provider Settings

After clicking on Add provider, you will be redirected to the screen shown above.

You can reorder the providers by dragging their rows up or down according to priority.

Within the Providers section, you have the option to generate a Key pair, along with a self-signed certificate.

Name

It indicates the provider's display name as shown in the Admin Console.

It also displays the option chosen from the dropdown menu.

Provider

It indicates the source or origin of the Algorithms being used by ZTrust.

Provider description

This specifies a concise description that can help you in identifying the purpose of the profile.

Fig 3.9.5.j: Keys, Provider description

By clicking on the three dots, you will see the option to delete.

If you no longer need a provider, select Delete to remove it.

After clicking Delete, you will receive a confirmation prompt.

Fig 3.9.5.k: Keys, Delete key provider

Click Delete to proceed with removal, or click Cancel to abort.

After clicking on Add provider, the following prompt will appear. You can select the provider you need from the options.

Fig 3.9.5.l: Keys, Specify keys for add providers

Select the most suitable provider option from the menu based on your requirements.

For example, rsa-generated is selected here.

This action will lead you to the following screen.

Fig 3.9.5.m: Keys, Specify add providers

Name

It indicates the provider's display name as shown in the Admin Console.

It also displays the option chosen from the dropdown menu.

Priority

This field pertains to the priority of the provider.

Enter any number here. The value determines whether the new Key pair becomes the Active Key pair. The highest numerical value designates the key pair as active.

Enabled

This toggle button determines whether the generated Key will be enabled or disabled.

When enabled (toggled ON), the key will be enabled. It will be either Active or Passive, but it won't be Disabled.

If deactivated (toggled OFF), the key will be Disabled and will appear under the Disabled tab.

Active

When this toggle is enabled (toggled ON), the newly generated key is created as an Active key and appears under the Active Keys tab.

Conversely, when it's disabled (toggled OFF), the Key will be designated as a Passive key and will be visible under the Passive Keys tab.
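The following sketch is an added example, not ZTrust code. It models how the Priority, Enabled and Active settings described above place a key under the Active, Passive or Disabled tab, and how a rotation keeps older signatures verifiable. The class and function names, the sample Kid values, the rule that the highest-priority Active key signs, and the rejection of Disabled keys during verification are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class KeyProvider:          # hypothetical model of one provider row
    kid: str                # Kid column (constructed sample values below)
    priority: int           # Priority field
    enabled: bool           # Enabled toggle
    active: bool            # Active toggle

def category(p):
    """Map the Enabled/Active toggles to the tab the key appears under."""
    if not p.enabled:
        return "Disabled"
    return "Active" if p.active else "Passive"

def signing_key(providers):
    """Assumption: the highest-priority key in the Active category signs."""
    candidates = [p for p in providers if category(p) == "Active"]
    if not candidates:
        raise LookupError("no active key: new signatures cannot be issued")
    return max(candidates, key=lambda p: p.priority)

def verification_key(providers, kid):
    """Resolve the key for a signature that names `kid`.
    Active and Passive keys may verify; Disabled or unknown kids are rejected."""
    for p in providers:
        if p.kid == kid:
            if category(p) == "Disabled":
                raise PermissionError(f"kid {kid!r} is disabled")
            return p
    raise KeyError(f"kid {kid!r} is not in the key set")

def rotate(providers, new_kid):
    """Add a new Active key above every existing priority and switch the
    Active toggle off on the rest, so the old signer becomes Passive."""
    top = max((p.priority for p in providers), default=0)
    demoted = [KeyProvider(p.kid, p.priority, p.enabled, False) for p in providers]
    return demoted + [KeyProvider(new_kid, top + 1, True, True)]

# Constructed sample key set: one Active, one Passive, one Disabled key.
KEYS = [
    KeyProvider("kid-2023", 100, True, True),
    KeyProvider("kid-2022", 90, True, False),
    KeyProvider("kid-2021", 80, False, False),
]
ROTATED = rotate(KEYS, "kid-2024")
```

After the rotation, signatures that name kid-2023 still resolve to a Passive key, while new signatures come from kid-2024.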

Key Size

Fig 3.9.5.n: Keys, Specify key size

This specifies the size of the generated Key.

You can select the preferred option from the dropdown menu as per your requirements.

Algorithm

Fig 3.9.5.o: Keys, Specify algorithm

This indicates the desired Algorithm for the Key.

You can click on the dropdown menu and choose the most suitable option based on your needs.

Save

Once you've entered the details, if you wish to proceed and generate the key, simply click on the Save button.

Cancel

If you prefer not to generate a key with the provided information, click on the Cancel button to discard the changes.
