BYOK provides non-repudiation: it proves that a specific organization signed the analysis log. Use BYOK for regulatory or compliance scenarios where:
- Your organization controls the private key
- The private key never leaves your secure infrastructure
- You share only the public key with auditors
- No one outside your organization can forge signatures
When BYOK is configured, log files are dual-signed: the embedded key provides software attestation, and your BYOK key provides non-repudiation.
Generating an Ed25519 key pair
Option 1: OpenSSL (Linux / macOS)
# Generate private key in PEM format
openssl genpkey -algorithm Ed25519 -out private.pem
# Convert to DER (PKCS8) format (required by MTC Skopos)
openssl pkcs8 -topk8 -nocrypt -in private.pem -outform DER -out private.key
# Extract public key in DER format
openssl pkey -in private.pem -pubout -outform DER -out public_full.der
# Extract raw 32-byte public key (skip the 12-byte DER header)
tail -c 32 public_full.der > public.key
# Clean up intermediate files
rm private.pem public_full.der
Option 2: OpenSSL (Windows)
OpenSSL can be installed via Win32/Win64 OpenSSL or via winget install ShiningLight.OpenSSL.
# Generate private key in PEM format
openssl genpkey -algorithm Ed25519 -out private.pem
# Convert to DER (PKCS8) format (required by MTC Skopos)
openssl pkcs8 -topk8 -nocrypt -in private.pem -outform DER -out private.key
# Extract public key in DER format
openssl pkey -in private.pem -pubout -outform DER -out public_full.der
# Extract raw 32-byte public key (skip the 12-byte DER header)
$bytes = [System.IO.File]::ReadAllBytes("public_full.der")
[System.IO.File]::WriteAllBytes("public.key", $bytes[($bytes.Length - 32)..($bytes.Length - 1)])
# Clean up intermediate files
Remove-Item private.pem, public_full.der
Option 3: Python (all platforms)
pip install cryptography
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.hazmat.primitives.serialization import (
Encoding, PrivateFormat, NoEncryption, PublicFormat
)
private_key = Ed25519PrivateKey.generate()
# Save private key (PKCS8 DER)
with open("private.key", "wb") as f:
f.write(private_key.private_bytes(Encoding.DER, PrivateFormat.PKCS8, NoEncryption()))
# Save raw 32-byte public key
with open("public.key", "wb") as f:
f.write(private_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw))
Configuring BYOK in MTC Skopos
- Open Settings in the application
- Expand the Log Signing (BYOK — Non-Repudiation) section
- Set Private key path to your
private.keyfile (PKCS8 DER format) - Set Public key path to your
public.keyfile (raw 32-byte Ed25519 public key) - The application will use your keys immediately for non-repudiation signing on all subsequent analyses
Key storage recommendations
| Environment | Recommendation |
|---|---|
| Minimal | Store on an encrypted disk partition with restricted file permissions (chmod 600 private.key) |
| Recommended | Store on a dedicated secure server or vault (e.g., HashiCorp Vault, AWS KMS) |
| High security | Use a Hardware Security Module (HSM) or secure enclave |
General guidelines:
- Never share the private key via email, chat, or unencrypted channels
- Never commit the private key to version control
- Keep backups of the private key in a separate secure location
- Rotate keys periodically (e.g., annually). Old signatures remain verifiable
- Share only the public key (
public.key) with auditors
Windows-specific key protection
Restrict file access to your user account only:
$acl = Get-Acl "private.key"
$acl.SetAccessRuleProtection($true, $false)
$acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) } | Out-Null
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
[System.Security.Principal.WindowsIdentity]::GetCurrent().Name,
"Read", "Allow")
$acl.AddAccessRule($rule)
Set-Acl "private.key" $acl
For disk-level encryption, enable BitLocker on the partition where the key is stored.
Sharing the public key with auditors
Provide auditors with:
- The
public.keyfile (32 bytes, safe to share) - The independent verification instructions
- The key ID (shown in the
__signature__.non_repudiation_signature.key_idfield of signed log files)