Key Generation
QNSP generates cryptographic keys using secure random sources.
Key Generation
QNSP generates cryptographic keys using secure random sources.
Random sources
- HSM hardware RNG (primary)
- OS entropy pool (fallback)
- Additional entropy mixing
Generation process
- Request key generation with parameters
- Generate random bytes from HSM
- Derive key material using KDF
- Wrap key for storage
- Return key ID (not key material)
Key types
Symmetric keys
- AES-256 for encryption
- HMAC-SHA3-256 for authentication
Asymmetric keys (classical)
- Ed25519 for signatures
- X25519 for key exchange
Asymmetric keys (PQC)
- Dilithium for signatures
- Kyber for key encapsulation
- Falcon for size-constrained signatures
- SPHINCS+ for stateless signatures
Generation parameters
{
"algorithm": "aes-256-gcm",
"purpose": "encryption",
"extractable": false,
"rotationPeriod": "90d"
}
Key metadata
Generated keys include:
- Key ID (UUID)
- Algorithm and parameters
- Creation timestamp
- Expiry/rotation schedule
- Usage constraints