Key management
Encyclopedia
Key management is the provisions made in a cryptography
system
design that are related to generation, exchange, storage, safeguarding, use, vetting, and replacement of key
s. It includes cryptographic protocol
design, key server
s, user procedures, and other relevant protocols.
Key management concerns keys at the user level, either between users or systems. This is in contrast to key scheduling; key scheduling typically refers to the internal handling of key material within the operation of a cipher.
Successful key management is critical to the security of a cryptosystem. In practice it is arguably the most difficult aspect of cryptography
because it involves system policy, user training, organizational and departmental interactions, and coordination between all of these elements.
These concerns are not limited to cryptographic engineering
. Key management requires both technical and organizational decisions, and as a result, some aspects of key management risk being neglected by managers and engineers, out of concern that the problem is technical or managerial, respectively.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
system
Cryptosystem
There are two different meanings of the word cryptosystem. One is used by the cryptographic community, while the other is the meaning understood by the public.- General meaning :...
design that are related to generation, exchange, storage, safeguarding, use, vetting, and replacement of key
Key (cryptography)
In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...
s. It includes cryptographic protocol
Cryptographic protocol
A security protocol is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods.A protocol describes how the algorithms should be used...
design, key server
Key server (cryptographic)
In computer security, a key server is a computer that receives and then serves existing cryptographic keys to users or other programs. The users' programs can be working on the same network as the key server or on another networked computer....
s, user procedures, and other relevant protocols.
Key management concerns keys at the user level, either between users or systems. This is in contrast to key scheduling; key scheduling typically refers to the internal handling of key material within the operation of a cipher.
Successful key management is critical to the security of a cryptosystem. In practice it is arguably the most difficult aspect of cryptography
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
because it involves system policy, user training, organizational and departmental interactions, and coordination between all of these elements.
These concerns are not limited to cryptographic engineering
Cryptographic engineering
Cryptographic engineering is the discipline of using cryptography to solve human problems. Cryptography is typically applied when trying to ensure data confidentiality, to authenticate people or devices, or to verify data integrity in risky environments....
. Key management requires both technical and organizational decisions, and as a result, some aspects of key management risk being neglected by managers and engineers, out of concern that the problem is technical or managerial, respectively.
Multicast Group Key Management
Group Key Management means managing the keys in a group communication. Most of the group communications use multicast communication because if the message is sent once by the sender, it will be received by all the users. Main problem in multicast group communication is its security. In order to improve the security, various keys are given to the users.Using the keys the users can encrypt their messages and send secretly. Basically three types of keys are used.See also
- Cryptographic key typesCryptographic key typesOne of the most important aspects of any cryptographic system is key management; it is also the aspect which is most often neglected. A very common mistake is mixing different key types and reusing the same key for different purposes...
- Key (cryptography)Key (cryptography)In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...
- Key exchangeKey exchangeKey exchange is any method in cryptography by which cryptographic keys are exchanged between users, allowing use of a cryptographic algorithm....
- NSA's Electronic Key Management System (EKMSEKMSThe Electronic Key Management System system is a United States National Security Agency led program responsible for Communications Security key management, accounting and distribution...
) - Public key infrastructurePublic key infrastructurePublic Key Infrastructure is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate...
- Assorted list of cryptographic key types
- Physical key management
- Symmetric key managementSymmetric key managementSymmetric key management is the key management of cryptographic symmetric encryption keys. In a symmetric key algorithm the keys involved are identical for both encrypting and decrypting a message. Such keys must be chosen carefully, and distributed and stored securely. In any system there may be...
- Key CeremonyKey CeremonyAt the heart of every certificate authority or certification authority is at least one Root Key or Root Certificate and usually, at least one Intermediate Root Certificate. These Digital Certificates are made from a Public and a Private Key. A Root Key Ceremony is a procedure where a unique pair...
- Key encapsulationKey encapsulationKey encapsulation mechanisms are a class of encryption techniques designed to secure symmetric cryptographic key material for transmission using asymmetric algorithms. In practice, public key systems are clumsy to use in transmitting long messages. Instead they are often used to exchange...
- KMIPKMIPThe Key Management Interoperability Protocol tries to establish a single, comprehensive protocol for the communication between enterprise key management systems and encryption systems. By using a consolidated protocol, organizations will be able to simplify key management and reduce operational...
- KeystoreKeystoreA Java KeyStore is a repository of security certificates, either Authorization certificates or Public key certificates - used for instance in SSL encryption.In WebLogic server, a file with extension jks serves as keystore....
External links
- Recommendation for Key Management — Part 1: general, NIST Special Publication 800-57
- NIST Cryptographic Toolkit
- The IEEE Security in Storage Working Group (SISWG) that is creating the P1619.3 standard for Key Management
- American National Standards Institute - ANSI X9.24, Retail Financial Services Symmetric Key Management
- The OASIS Key Management Interoperability Protocol (KMIP) Technical Committee
- The OASIS Enterprise Key Management Infrastructure (EKMI)Technical Committee
- "Types of Key Management"
- "Key Management with a Powerful Keystore"