Key Exchange

On the left side of the diagram, the Software Development Kit (SDK) is responsible for taking the symmetric encryption keys, hash keys, and a signed public key to generate a Quick Response (QR) code. This QR code encapsulates all these critical security components in a compact and efficient format. Once generated, the QR code is prominently displayed to the user. The purpose of this display is to enable the user to save these keys securely on their local device. This process is designed to ensure that the sensitive keys are stored in a manner that is both convenient for the user and secure from potential external threats.

The next step involves the user scanning the QR code using a device that is equipped with the mobile app. This scanning process is crucial as it facilitates the transfer of the encryption keys in an air-gapped environment. By utilizing an air-gapped transfer method, the encryption keys are not transmitted over any external network, thereby significantly enhancing the security of the transfer. The integrity and confidentiality of the transfer are maintained by ensuring that only a single authorized device is used to scan the QR code. Furthermore, the data encapsulated within the QR code remains confined to the internal network of the system that is displaying the code, ensuring that it does not leave this controlled environment. This method of transfer provides a robust layer of security, mitigating the risks associated with network-based vulnerabilities and ensuring that the encryption keys remain protected throughout the process.