Recommendation for Cryptographic Key Management

Recommendation for Cryptographic Key Management

The security of information protected by cryptographic keys directly depends on the strength of those keys, the effectiveness of mechanisms and protocols associated with keys and the protection afforded to the keys. Key management provides the foundation for the secure generation, storage, distribution and destruction of keys. This recommendation provides background information and establishes frameworks to support appropriate decisions when selecting and using cryptographic keys.

The proper management of cryptographic keys is essential to the effective use of cryptography for security. Keys are analogous to the combination of a safe. If a safe combination becomes known to an adversary, the strongest safe provides no security against penetration. Similarly, poor key management may easily compromise strong algorithms. Ultimately, the security of information protected by cryptography directly depends on the strength of the keys, the effectiveness of mechanisms and protocols associated with keys, and the protection afforded to the keys. All keys need to be protected against modification, and secret and private keys need to be protected against unauthorized disclosure. Key management provides the foundation for the secure generation, storage, distribution and destruction of keys.

Users and developers are presented with many choices in their use of cryptographic mechanisms. Inappropriate choices may result in an illusion of security, but little or no real security for the protocol or application. This recommendation provides background information and establishes frameworks to support appropriate decisions when selecting and using cryptographic mechanisms. The attached Zip file includes:

• Intro Page.doc
• Cover Sheet and Terms.pdf
• Recommendation for Cryptographic Key Management.pdf