Startup Sequence

BVKS requires manual root key entry at startup.

Steps

  1. Operator retrieves KSK from offline storage
  2. KSK entered into BVKS
  3. BVKS unwraps all SUKs
  4. SUKs stored in locked memory
  5. KSK memory is zeroized
  6. KSK discarded

After this point:

  • KSK no longer exists in memory or on disk
Implications

Design goal

Root key must never be recoverable from the running system.
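
Steps 3 to 6 of the startup sequence as an added C example (not BVKS's own code): SUKs are unwrapped into a store that is locked before any key material is written, and the KSK buffer is wiped on every exit path. The names `bvks_startup`, `suk_store`, `KEY_LEN` and `MAX_SUKS` are hypothetical, and the XOR unwrap is a stand-in for whatever key-wrap algorithm BVKS actually uses.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>

#define KEY_LEN  32   /* assumed key size */
#define MAX_SUKS 8    /* assumed store capacity */

/* Hypothetical SUK store; the page does not define BVKS's data layout. */
struct suk_store { uint8_t suk[MAX_SUKS][KEY_LEN]; size_t count; int locked; };

/* Volatile writes keep the compiler from eliding the wipe as a dead store. */
static void secure_zero(void *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

/* STAND-IN unwrap (XOR) so the example is self-contained. A real system
 * would use an authenticated key wrap such as AES-KW (RFC 3394), whose
 * integrity check makes this function able to fail. */
static int unwrap_suk(const uint8_t *ksk, const uint8_t *in, uint8_t *out) {
    for (size_t i = 0; i < KEY_LEN; i++) out[i] = in[i] ^ ksk[i];
    return 0;
}

/* wrapped holds n * KEY_LEN bytes. Returns 0 on success, -1 on failure.
 * The caller's KSK buffer is zeroized before return in both cases. */
int bvks_startup(uint8_t *ksk, const uint8_t *wrapped, size_t n,
                 struct suk_store *st) {
    int rc = -1;
    if (n > MAX_SUKS) goto out;
    /* Step 4: lock the store before any key lands in it, so an SUK
     * can never be paged out to swap. Fail closed if locking fails. */
    if (mlock(st, sizeof *st) != 0) goto out;
    st->locked = 1;
    for (size_t i = 0; i < n; i++)      /* step 3: unwrap all SUKs */
        if (unwrap_suk(ksk, wrapped + i * KEY_LEN, st->suk[i]) != 0) goto out;
    st->count = n;
    rc = 0;
out:
    if (rc != 0) {                      /* no partially loaded SUK set */
        secure_zero(st->suk, sizeof st->suk);
        st->count = 0;
    }
    secure_zero(ksk, KEY_LEN);          /* step 5: KSK memory is zeroized */
    return rc;
}
```

Wiping the caller's buffer only covers that one copy; any other buffer the KSK passed through during operator entry needs the same treatment for the design goal to hold.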