Key Management
Key management is a foundational part of CRYMBO Oracle's secure data exchange architecture. Each business/institution is responsible for generating, rotating, and securely storing its cryptographic key pairs.
CRYMBO never stores private keys and enforces strict separation of duties between data encryption and access control.
Key Types Used
Key Type | Purpose |
---|---|
X25519 | Encrypting AES keys (receiver's pubkey) |
AES-256-GCM | Encrypting PII payloads |
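
The two key types in the table combine into an envelope scheme: the payload is encrypted under a one-time AES-256-GCM key, and that key is wrapped to the receiver's X25519 public key. The Node.js code below is an added example, not CRYMBO's own code. The HKDF-SHA256 derivation, the `example-key-wrap` label, the envelope field names, the function names and the use of the key version as associated data are all assumptions, since the page does not specify a wire format.

```javascript
const crypto = require('node:crypto');

// Assumption: wrap key = HKDF-SHA256 over an ephemeral-static X25519 shared secret.
function deriveWrapKey(privateKey, publicKey, salt) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, salt, 'example-key-wrap', 32));
}

function gcmEncrypt(key, plaintext, aad) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function gcmDecrypt(key, { iv, ct, tag }, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAAD(aad);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // final() throws on tag/AAD mismatch
}

// Sender side: needs only the receiver's published public key.
function sealEnvelope(receiverPublicKey, keyVersion, pii) {
  const aad = Buffer.from(`v${keyVersion}`); // binds ciphertexts to the key version used
  const dataKey = crypto.randomBytes(32);    // one-time AES-256 key for this payload
  const eph = crypto.generateKeyPairSync('x25519');
  const salt = crypto.randomBytes(16);
  const wrapKey = deriveWrapKey(eph.privateKey, receiverPublicKey, salt);
  return {
    keyVersion, salt,
    ephemeralPublicKey: eph.publicKey.export({ type: 'spki', format: 'der' }),
    wrappedKey: gcmEncrypt(wrapKey, dataKey, aad),
    payload: gcmEncrypt(dataKey, Buffer.from(pii, 'utf8'), aad),
  };
}

// Receiver side: the private key is used locally and never sent anywhere.
function openEnvelope(receiverPrivateKey, env) {
  const aad = Buffer.from(`v${env.keyVersion}`);
  const ephPub = crypto.createPublicKey({ key: env.ephemeralPublicKey, format: 'der', type: 'spki' });
  const wrapKey = deriveWrapKey(receiverPrivateKey, ephPub, env.salt);
  const dataKey = gcmDecrypt(wrapKey, env.wrappedKey, aad);
  return gcmDecrypt(dataKey, env.payload, aad).toString('utf8');
}
```

Carrying the key version in the envelope lets a receiver pick the matching private key after a rotation, and authenticating it as associated data makes decryption fail if the version field is altered in transit.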
Key Generation
- Each business/institution generates key pairs client-side using secure cryptographic libraries
- Keys must follow X25519 standards
- Public keys are uploaded via:
  - CRYMBO Connect dashboard
  - `POST /api/keys/publish`
Key Rotation
- Public keys can be rotated at any time
- CRYMBO retains a timestamped history
- Old keys are deprecated, not deleted
Rotation reasons:
- Scheduled lifecycle management
- Suspected compromise
- Compliance policy update
Key Storage (Business/Institution Side)
- Private keys are stored securely by each business/institution
- Suggested methods:
  - Hardware Security Modules (HSM)
  - Encrypted key vaults (e.g., HashiCorp Vault)
  - Secure enclaves (TEE/SGX)
CRYMBO does not provide private key hosting.
Revocation & Compromise
If a key is compromised:
- The business/institution must immediately publish a new public key
- CRYMBO marks the old key as deprecated
- Identity flows to that business/institution use the updated key
Audit Logging
- Every key update is logged on-chain (or off-chain registry)
- Includes `createdAt`, `version`, and `VASP ID`
- Regulators and counterparties can trace key lineage
Next Step: Understand the system's Threat Model and how risks are mitigated