Part 1: General - Computer Security Resource Center - National ...
March, 2007

| Type of Key | Backup? |
|---|---|
| Public static key agreement key | OK; its presence in a public-key certificate that is available elsewhere may be sufficient. |
| Private ephemeral key agreement key | No |
| Public ephemeral key agreement key | OK if needed for reconstruction during key recovery |
| Symmetric authorization key | OK |
| Private authorization key | OK |
| Public authorization key | OK; its presence in a public-key certificate that is available elsewhere may be sufficient. |
Table 8: Backup of other cryptographic or related information

| Type of Keying Material | Backup? |
|---|---|
| Domain parameters | OK |
| Initialization vector | OK, if necessary |
| Shared secret | No |
| RNG seed | No |
| Other public information | OK |
| Intermediate results | No |
| Key control information (e.g., IDs, purpose, etc.) | OK |
| Random number | Depends on application or use of the RNG |
| Passwords | OK |
| Audit information | OK |

8.2.2.2 Key Recovery Function

Keying material that is in active memory or stored in normal operational storage may sometimes be lost or corrupted (e.g., from a system crash or power fluctuation). Some of the keying material is needed to continue operations and cannot easily be replaced. An assessment needs to be made of which keying material needs to be preserved for possible recovery at a later time.

The decision as to whether key recovery is required should be made on a case by case basis. The decision should be based on:

1. The type of key (e.g., private signature key, symmetric data encryption key),