Master key
What is the master key?
The idemeum desktop client handles sensitive information, including user credentials. To achieve the highest level of security and enable client-side encryption, you can generate a master key in the admin portal and supply that key to all idemeum desktop agents during installation. This way your credentials are encrypted with your own key, which is not known to the idemeum team. Even if the idemeum cloud is compromised, your credentials will never be exposed.
How to access the master key?
- Navigate to your idemeum tenant and access the admin portal
- Access Settings → Desktop agent
- Scroll down to Master key
- Copy the master key and enter the key into the idemeum desktop application during installation (if you are installing manually)
- You can always retrieve your key by hitting the View key button
Technical details
The master key is an AES-GCM 256-bit symmetric encryption key. AES-GCM is the Advanced Encryption Standard (AES) algorithm operating in Galois/Counter Mode (GCM).
The master key is a tenant-specific encryption key that is created by the tenant administrator in the admin web portal. On creation, each tenant administrator is assigned a copy of the master key that is encrypted by the administrator's private key, which resides in the idemeum mobile identity. As a result, the encrypted master key cannot be read by anyone in the cloud, including idemeum, in keeping with zero-knowledge cloud principles. This means that even if someone hacks into the idemeum cloud, they will not be able to decrypt the master key, because no decryption key is stored in the cloud.
The master key can be accessed by the tenant administrator in the web portal and on the tenant workstations / desktops to securely manage user credentials. On the workstation, the master key is persisted in the registry and remains in the tenant infrastructure.
The master key is used in multiple use cases, including but not limited to user authentication, capturing the domain password, and auto-filling credentials.
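To make the technical details concrete, here is an added Go example (not idemeum's code) of what a 256-bit AES-GCM master key does on the client side: credentials are sealed with a per-call random nonce and an authentication tag, so a modified ciphertext, a wrong key or a mismatched context is rejected on decryption. The blob layout (nonce prepended to ciphertext) and the use of additional authenticated data (aad) are assumptions of this example, not a description of idemeum's format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

const MasterKeySize = 32 // AES-256 key length in bytes

// newGCM enforces the 256-bit key length and builds the AES-GCM AEAD.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != MasterKeySize {
		return nil, errors.New("master key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptCredential seals a credential under the master key. A random 12-byte
// nonce is drawn per call and prepended to the output (assumed layout); aad
// (e.g. a user identifier) is authenticated but not encrypted.
func EncryptCredential(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// DecryptCredential reverses EncryptCredential; Open fails if the key, nonce,
// ciphertext or aad differ from what was sealed (GCM tag mismatch).
func DecryptCredential(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if n := gcm.NonceSize(); len(sealed) >= n {
		return gcm.Open(nil, sealed[:n], sealed[n:], aad)
	}
	return nil, errors.New("sealed blob too short")
}
```

Because every call draws a fresh nonce, sealing the same credential twice yields two different blobs, and a single flipped byte in a stored blob is detected rather than silently decrypted into garbage.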