Key Publication
Key publication is the process of publishing your institution's encryption keys to the CRYMBO Oracle network. These keys enable secure, encrypted identity exchange between counterparties.
Why Publish Keys?
CRYMBO's identity exchange is built on end-to-end encryption. When a counterparty needs to verify your identity (or vice versa), the Oracle uses published encryption keys to:
- Encrypt PII so only the authorized recipient can decrypt it
- Ensure data integrity through cryptographic signatures
- Enable selective disclosure — share only the fields required by regulation
Without published keys, your institution cannot participate in identity exchange flows.
How It Works
- Generate Key Pair — Your system generates an asymmetric encryption key pair (public + private)
- Publish Public Key — The public key is registered with the CRYMBO Oracle via the Platform or API
- Store Private Key — The private key remains with your institution (never shared with CRYMBO)
- Key Verification — The Oracle verifies the key is valid and associated with your verified institution
- Ready for Exchange — Counterparties can now encrypt data for your institution using your published key
Key Types
| Key Type | Purpose |
|---|---|
| Encryption Key | Used to encrypt/decrypt PII during identity exchange |
| Signing Key | Used to sign attestations and verify data integrity |
Key Management Best Practices
- Rotate keys periodically (recommended: every 90 days)
- Store private keys in a Hardware Security Module (HSM) or equivalent secure environment
- Maintain key backup and recovery procedures
- Revoke and replace keys immediately if compromise is suspected
API Reference
```
POST /api/v1/keys/publish
```

```json
{
  "publicKey": "<base64-encoded-public-key>",
  "keyType": "encryption",
  "algorithm": "RSA-OAEP-256"
}
```
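The generate and publish steps above, as an added Go example that is not CRYMBO's own code: it generates an RSA key pair, encodes the public half, and builds the `POST /api/v1/keys/publish` body only after confirming that data encrypted to the encoded key decrypts with the private key your institution holds. The SubjectPublicKeyInfo DER encoding, the 3072-bit key size, the reading of `RSA-OAEP-256` as RSA-OAEP with SHA-256, and the function names are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// NewKeyPair returns the key and its public half as base64 SPKI DER (assumed encoding).
func NewKeyPair(bits int) (*rsa.PrivateKey, string, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, "", err
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	return priv, base64.StdEncoding.EncodeToString(der), err
}

// VerifiedPublishBody builds the body only if an RSA-OAEP (SHA-256) probe round-trips.
func VerifiedPublishBody(pubB64 string, priv *rsa.PrivateKey) ([]byte, error) {
	const probe = "constructed probe" // constructed test value, not real PII
	der, decErr := base64.StdEncoding.DecodeString(pubB64)
	parsed, parseErr := x509.ParsePKIXPublicKey(der)
	pub, ok := parsed.(*rsa.PublicKey)
	if decErr != nil || parseErr != nil || !ok {
		return nil, fmt.Errorf("publicKey is not base64 DER of an RSA public key")
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(probe), nil)
	if err != nil {
		return nil, err
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	if err != nil || string(pt) != probe {
		return nil, fmt.Errorf("published key does not match the private key held")
	}
	return json.Marshal(map[string]string{"publicKey": pubB64, "keyType": "encryption", "algorithm": "RSA-OAEP-256"})
}

func main() {
	priv, key, err := NewKeyPair(3072) // key size is an assumption
	if err != nil {
		panic(err)
	}
	body, err := VerifiedPublishBody(key, priv)
	fmt.Println(string(body), err)
}
```

With the private key held in an HSM as recommended above, key generation and the decrypt step would run inside the HSM rather than in process memory; the round-trip check itself is unchanged.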