I tried Google, but it's not what I want. Google says it's a gathering to check how securely a signing key is stored based on distributed access to the key.
I have this class which has 3 Strings (broken key) and respective attributes (key check values, zone key check values, encryption master key), using which I derive a master key. I cannot put up the code here, as it violates my security policy. BTW, this is for smart cards.
If anyone has any idea of this, please explain or point me to it.
OK, I'm going to be assuming a simple symmetric key (3DES or AES) split into 3 parts here. I can only answer because I make this assumption.
A key value is randomly generated; this is the key you're going to protect. Let's call this key the master key. A KCV (key check value) is calculated over the master key, so if it is regenerated the correctness of the key can be verified with relatively high certainty without revealing the value itself. The KCV doesn't leak information about the key material itself, as the calculation of the KCV is one-way.
This key is split into three parts using other random values and XOR. First, two other random keys are generated. The third key is calculated to be the XOR of the other keys and the master key. KCV values are calculated and written down. The three keys can now be distributed to 3 different actors. These actors are called key managers in the role they perform in the ceremony. Commonly, the key managers secure access to their key.
Now, to regenerate the master key, each key manager writes down their part of the key. The KCV of the key is verified before proceeding to make sure that no input errors have been made, or that the value is not that of a different key. Now if you calculate the XOR of the three keys, then you'll get the master key again. This value is again compared to the master key.
So that's all there is to it.
With regards to the security of this scheme:
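The split and recombine steps described in the answer above, as an added example that is not part of the original post. The function names, the 16-byte key length and the 3-byte KCV length are assumptions, and the KCV here is a truncated SHA-256 stand-in so the block runs with the standard library only (a production KCV is normally computed with the key's own cipher).

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16  # assumed key length in bytes
KCV_LEN = 3   # assumed check value length in bytes

def kcv(key: bytes) -> bytes:
    # Stand-in one-way check value: truncated SHA-256 (assumption, see lead-in).
    return hashlib.sha256(b"KCV" + key).digest()[:KCV_LEN]

def xor(*parts: bytes) -> bytes:
    out = bytearray(len(parts[0]))
    for p in parts:
        if len(p) != len(out):
            raise ValueError("component length mismatch")
        for i, b in enumerate(p):
            out[i] ^= b
    return bytes(out)

def split(master: bytes):
    # Two random components; the third is master XOR c1 XOR c2.
    c1 = secrets.token_bytes(len(master))
    c2 = secrets.token_bytes(len(master))
    c3 = xor(master, c1, c2)
    return [(c, kcv(c)) for c in (c1, c2, c3)], kcv(master)

def recombine(entries, master_kcv: bytes) -> bytes:
    # entries: one (typed_component, recorded_kcv) pair per key manager.
    for n, (comp, recorded) in enumerate(entries, 1):
        if not hmac.compare_digest(kcv(comp), recorded):
            raise ValueError(f"component {n}: KCV mismatch, re-enter it")
    master = xor(*(c for c, _ in entries))
    if not hmac.compare_digest(kcv(master), master_kcv):
        raise ValueError("recombined key does not match the master KCV")
    return master

def demo():
    master = secrets.token_bytes(KEY_LEN)
    shares, master_kcv = split(master)
    ok = recombine(shares, master_kcv) == master
    # Constructed input error: the second manager mistypes one bit.
    typo = bytes([shares[1][0][0] ^ 0x01]) + shares[1][0][1:]
    try:
        recombine([shares[0], (typo, shares[1][1]), shares[2]], master_kcv)
    except ValueError as err:
        return ok, str(err)
    return ok, None
```

Checking each component's KCV before the XOR pinpoints which key manager made the entry error, instead of only learning that the final key is wrong.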