Key Ceremony
The secure exchange of keys between Unifyia and the Customer is one of the most sensitive stages of the ceremony. To protect the Master Key, the Transportation Key is split into multiple components and exchanged through a highly controlled process. This is done to ensure no single entity (or custodian) has access to the full key and to minimize the risk of a breach.
Key Exchange Steps:
- Splitting the Transportation Key: The Transportation Key (ZMK) is split into three parts, and each part is assigned to a different Security Key Custodian (KC) at Unifyia.
- Exchange of Key Parts:
  - Custodian 1 sends Part 1 of the Transportation Key along with its Key Checksum Value (KCV) to Customer Custodian 1 on Day 1 via secure courier (printout and physical delivery).
  - Custodian 2 sends Part 2 of the Transportation Key and its KCV to Customer Custodian 2 on Day 2 via a separate courier.
  - Custodian 3 sends Part 3 of the Transportation Key and its KCV to Customer Custodian 3 on Day 3 via a third courier.
- Encrypted Master Key Delivery: After splitting and delivering the parts of the Transportation Key, Unifyia sends the encrypted Customer Master Key (KMC) and its KCV to Customer Custodian 1 by email for secure delivery.
This multi-step process ensures the safe and incremental exchange of the Transportation Key components, reducing the risk of interception or compromise.
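A recipient-side check for the exchange above, as an added example (not Unifyia's code): each custodian's part is accepted only if its recomputed KCV matches the printed one, and only then are the parts combined. It assumes a double-length 3DES Transportation Key, XOR combination of the parts, and a KCV equal to the first three bytes of an encrypted zero block, none of which the page specifies; `kcv`, `Component` and `combine` are illustrative names.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
)

// kcv: first 3 bytes of 3DES-encrypting a zero block under a 16-byte key (assumed scheme).
func kcv(key []byte) string {
	c, err := des.NewTripleDESCipher(append(key[:16:16], key[:8]...)) // K1|K2|K1
	if err != nil {
		panic(err)
	}
	out := make([]byte, 8)
	c.Encrypt(out, make([]byte, 8))
	return fmt.Sprintf("%X", out[:3])
}

// Component is one custodian's printout: a key part in hex and that part's KCV.
type Component struct{ Part, KCV string }

// combine rejects any part whose recomputed KCV differs from the printed one,
// XORs the accepted parts (assumed combining rule) and returns the key and its KCV.
func combine(parts []Component) ([]byte, string, error) {
	key := make([]byte, 16)
	for i, p := range parts {
		raw, err := hex.DecodeString(p.Part)
		if err != nil || len(raw) != 16 || kcv(raw) != p.KCV {
			return nil, "", fmt.Errorf("component %d rejected: bad format or KCV mismatch", i+1)
		}
		for j := range key {
			key[j] ^= raw[j]
		}
	}
	return key, kcv(key), nil
}

func main() {
	// Constructed sample parts; on real printouts the KCV comes from the sender.
	var parts []Component
	for _, h := range []string{"0123456789abcdeffedcba9876543210",
		"8a3c5e7f1b2d4c6e9f0a1b2c3d4e5f60", "c0ffee11d00dfeed0badf00dcafe4242"} {
		raw, _ := hex.DecodeString(h)
		parts = append(parts, Component{h, kcv(raw)})
	}
	_, check, err := combine(parts)
	fmt.Println("combined key KCV:", check, "error:", err)
}
```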