Systemics Ricardo is based on SOX (for Systemics Open Transactions), which uses PGP (for Pretty Good Privacy) keys to manage value. The actual keys used are generated by the applications, but PGP itself could in every case be used to do the same thing.
PGP keys come in pairs, being the secret key and the public key. Like all public key systems, these keys have a wonderful property: the holder of the secret key can be identified, but not imitated, by the holder of the public key. See Cryptographic Toolkit for Electronic Cash for a quick survey of cryptographic concepts.
When a SOX application such as WebFunds sends a PGP public key to an Issuer, then the shared arrangement is known as a KHID (for Key-Holder-Id). Now, the SOX application can identify itself to the Issuer securely.
The following sections document the real-life user issues that have been experienced so far.
They are compatible and could be used for both purposes. Indeed that was a design principle, to allow PGP to check and/or produce the keys.
However, we would really rather you didn't. Here are at least two good reasons:
Do you have the same trust in WebFunds? Again, maybe, as it is just an application like PGP, and it can be compromised in much the same way.
So, to cope with an aggressive and uncertain world, you should use different keys and 'firewall' your secrets! If something goes drastically wrong with one application, it can only compromise the data it is working with.
Note that this can occur with any application. Your data is at the mercy of the software, and this software is no exception. We would, however, advise additional caution with WebFunds as it deals in money. Your money.
Whoa, pardna! A little confusion here...
We don't need your secret stuff or your password or your family jewels... :-)
The Issuer in fact doesn't need anything from you except the official act of registration. Which is done automagically by the applications, as they send sufficient public key details to allow us to confirm that you are on the other end of the quality bit.
There are only two (minor?) considerations:
Relax, we're not the new Secret Net Police! No jackboots and brown shirts here, just DM's and black ...
The password is used to decrypt the key. To read the key without the password, consider the following:
Have we made it clear: don't lose your password. While you're considering this absolute truth, read the bit about backups, immediately below.
We are sympathetic to the problem, and we're working on it. It's just that the answers are not really solutions, and introducing a half-solution will often cause more problems than it solves.
The secret key is your passport to the Internet Financial System. Lose your passport and you're stuck in the war zone and the cavalry can't come to your rescue.
So, make backups of the secret key. Good backups of the file:
It also makes good sense to store your backups somewhere else - these are called off-site backups, and they protect you against earthquakes, children and other acts of god. Think of somewhere safe, but not with your dodgy disk drive mate :-)
While you're thinking up somewhere safe, read the bit about passwords, immediately above.
Let all the issuers and markets that you had value with know. If you can, provide them with the fingerprint of the key (we call it the khid for key id).
If you can't provide the khid, you will have to provide a description of all activities and timings. Then, each entity will have to do traffic analysis to try and isolate which key is which. As you can imagine, this is not guaranteed. As you might fear, this could be expensive. Which is why it's not a good idea to be reading this ... or making Spanish keys under the influence of rapidly emptying bottles :-)
Strong crypto, employed in the interests of privacy, is like that. If it wasn't so hard, then it would be easy for anyone to scan your traffic and steal your money.
What strong crypto does is give you the power to control that which is your own. It also forces the responsibility onto you. With power comes responsibility.