
This is the no-frills enrollment page for my XML Key Registration Service. Prior to using this service, the client and the service must agree on the following parameters:
This page is intended to facilitate the establishment of these parameters.
After an encryption algorithm is chosen, an individual shared secret is generated for each of the Registration, Reissuance, Recovery and Revocation operations. The chosen encryption algorithm will be used to encrypt an RSA keypair when service keypair generation is indicated. The same algorithm will be used to encrypt the keypair in a successful Recovery operation.
A key name is also generated and associated with the shared secrets. To identify the signer, this key name is intended to be included in the KeyInfo.KeyName element of the Signature element that carries a signature computed with one of the shared secrets.
A single key name is used to identify all four shared secrets.
In the case that two keys are required for an XKRSS request/response pair, the same shared secret is used as the basis for both key derivations. An example of this is the request for a service-generated keypair, in which the Authentication signature in the RegisterRequest and the encrypted data in the PrivateKey will both be computed with keys derived from the same shared secret.
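The relationship between the key name, the four per-operation secrets and the two derived keys can be sketched as follows. This is an added example, not the service's own code. The derivation (HMAC-SHA256 over the secret, keyed with a per-purpose label), the plain MAC standing in for the XML Signature, and all names and sample values are assumptions, since the page does not state them.

```python
import hashlib
import hmac
import secrets

OPERATIONS = ("Registration", "Reissuance", "Recovery", "Revocation")
# Hypothetical purpose labels that keep the two derived keys independent.
PURPOSE_AUTH = b"\x01"
PURPOSE_PRIVATE_KEY = b"\x04"


def enroll(key_name):
    """Service side: one key name, one independent secret per operation."""
    return {key_name: {op: secrets.token_hex(16) for op in OPERATIONS}}


def derive_key(shared_secret, purpose):
    """Assumed derivation (not from the page): HMAC-SHA256 keyed by the label."""
    return hmac.new(purpose, shared_secret.encode("ascii"), hashlib.sha256).digest()


def authenticate(shared_secret, request_body):
    """Client side: MAC over the request, standing in for the XML Signature."""
    key = derive_key(shared_secret, PURPOSE_AUTH)
    return hmac.new(key, request_body, hashlib.sha256).digest()


def verify(store, key_name, operation, request_body, tag):
    """Service side: KeyName selects the enrollment, the operation the secret."""
    per_operation = store.get(key_name)
    if per_operation is None or operation not in per_operation:
        return False
    expected = authenticate(per_operation[operation], request_body)
    return hmac.compare_digest(expected, tag)  # constant-time comparison


def demo():
    name = "example-key-name"  # constructed key name
    store = enroll(name)
    client = store[name]  # the secrets handed to the client at enrollment
    body = b"<RegisterRequest>constructed sample</RegisterRequest>"
    tag = authenticate(client["Registration"], body)
    return {
        "accepted": verify(store, name, "Registration", body, tag),
        "wrong_operation": verify(store, name, "Revocation", body, tag),
        "unknown_name": verify(store, "other-name", "Registration", body, tag),
        "tampered": verify(store, name, "Registration", body + b" ", tag),
        "keys_differ": derive_key(client["Registration"], PURPOSE_AUTH)
        != derive_key(client["Registration"], PURPOSE_PRIVATE_KEY),
    }
```

Because each operation has its own secret under the shared key name, a value computed for Registration does not verify as a Revocation request, and the authentication key never doubles as the private-key encryption key.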
Select Symmetric Encryption Algorithm for key pair encryption: