Part 1: General - Computer Security Resource Center - National ...

More documents

Recommendations

Info

March, 2007 8.2.3.1 Re-keying...........................................................................................106 8.2.3.2 Key Update Function .........................................................................106 8.2.4 Key Derivation Function...................................................................................107 8.3 Post-Operational Phase .................................................................................................108 8.3.1 Archive Storage and Key Recovery Functions.................................................108 8.3.2 Entity De-registration Function ........................................................................111 8.3.3 Key De-registration Function ...........................................................................112 8.3.4 Key Destruction Function.................................................................................112 8.3.5 Key Revocation Function .................................................................................112 8.4 Destroyed Phase............................................................................................................113 9 ACCOUNTABILITY, AUDIT, AND SURVIVABILITY .................................................113 9.1 Accountability...............................................................................................................114 9.2 Audit .............................................................................................................................114 9.3 Key Management System Survivability .......................................................................115 9.3.1 Back-up Keys....................................................................................................115 9.3.2 Key Recovery....................................................................................................115 9.3.3 System Redundancy/Contingency Planning.....................................................115 9.3.3.1 <strong>General</strong> Principles..............................................................................116 9.3.3.2 Cryptography and Key Management-specific Recovery Issues ........117 9.3.4 Compromise Recovery......................................................................................117 10KEY MANAGEMENT SPECIFICATIONS FOR CRYPTOGRAPHIC DEVICES OR APPLICATIONS...................................................................................................................119 10.1 Key Management Specification Description/Purpose ..................................................119 10.2 Content of the Key Management Specification............................................................120 10.2.1 Cryptographic Application................................................................................120 10.2.2 Communications Environment .........................................................................120 10.2.3 Key Management Component Requirements ...................................................120 10.2.4 Key Management Component Generation........................................................121 10.2.5 Key Management Component Distribution......................................................121 10.2.6 Keying Material Storage...................................................................................121 10.2.7 Access Control..................................................................................................121 10.2.8 Accounting........................................................................................................121 11
March, 2007 10.2.9 Compromise Management and Recovery.........................................................122 10.2.10 Key Recovery...................................................................................................122 APPENDIX A: CRYPTOGRAPHIC AND NON-CRYPTOGRAPHIC INTEGRITY AND AUTHENTICATION MECHANISMS...............................................................................123 APPENDIX B: KEY RECOVERY ..........................................................................................125 B.1 Recovery from Stored Keying Material........................................................................126 B.2 Recovery by Reconstruction of Keying Material .........................................................126 B.3 Conditions Under Which Keying Material Needs to be Recoverable ..........................126 B.3.1 Signature Key Pairs...........................................................................................127 B.3.1.1 Public Signature Verification Keys ...................................................127 B.3.1.2 Private Signature Keys.......................................................................127 B.3.2 Symmetric Authentication Keys.......................................................................128 B.3.3 Authentication Key Pairs ..................................................................................129 B.3.3.1 Public Authentication Keys ...............................................................129 B.3.3.2 Private Authentication Keys ..............................................................130 B.3.4 Symmetric Data Encryption Keys ....................................................................130 B.3.5 Symmetric Key Wrapping Keys .......................................................................131 B.3.6 Random Number Generation Keys...................................................................131 B.3.7 Symmetric Master Keys....................................................................................131 B.3.8 Key Transport Key Pairs...................................................................................132 B.3.8.1 Private Key Transport Keys...............................................................132 B.3.8.2 Public Key Transport Keys................................................................132 B.3.9 Symmetric Key Agreement Keys .....................................................................133 B.3.10 Static Key Agreement Key Pairs ......................................................................133 B.3.10.1 Private Static Key Agreement Keys ..................................................133 B.3.10.2 Public Static Key Agreement Keys....................................................133 B.3.11 Ephemeral Key Pairs.........................................................................................133 B.3.11.1 Private Ephemeral Keys.....................................................................134 B.3.11.2 Public Ephemeral Keys......................................................................134 B.3.12 Symmetric Authorization Keys.........................................................................134 B.3.13 Authorization Key Pairs....................................................................................134 B.3.13.1 Private Authorization Keys................................................................134 12
Page 1 and 2: ARCHIVED PUBLICATION The attached p
Page 3 and 4: Abstract March, 2007 This Recommend
Page 5 and 6: Authority March, 2007 This document
Page 7 and 8: March, 2007 key validation, account
Page 9 and 10: March, 2007 4.2.4.1 DSA............
Page 11: March, 2007 8 KEY MANAGEMENT PHASES
Page 15 and 16: March, 2007 Figure 3: Key states an
Page 17 and 18: March, 2007 1.2 Audience The audien
Page 19 and 20: March, 2007 1. Section 1, Introduct
Page 21 and 22: March, 2007 Backup A copy of inform
Page 23 and 24: March, 2007 Digital signature The r
Page 25 and 26: Key Management Policy Key Managemen
Page 27 and 28: Proof of possession (POP) Pseudoran
Page 29 and 30: March, 2007 Split knowledge A proce
Page 31 and 32: March, 2007 3 Security Services Cry
Page 33 and 34: March, 2007 However, it is often th
Page 35 and 36: March, 2007 4 Cryptographic Algorit
Page 37 and 38: March, 2007 operates on blocks (chu
Page 39 and 40: March, 2007 minimum key size 7 of 1
Page 41 and 42: March, 2007 2. The protocols trigge
Page 43 and 44: March, 2007 7. Symmetric key wrappi
Page 45 and 46: March, 2007 9. Random numbers: The
Page 47 and 48: March, 2007 In general, where stron
Page 49 and 50: March, 2007 a. When a symmetric key
Page 51 and 52: March, 2007 information. For less s
Page 53 and 54: 8. Symmetric and Asymmetric RNG key
Page 55 and 56: 15. Private ephemeral key agreement
Page 57 and 58: Key Type 12. Symmetric Key Agreemen
Page 59 and 60: March, 2007 establishment keys, see
Page 61 and 62: March, 2007 c. Restricting plaintex
Page 63 and 64:
March, 2007 algorithms completely i
Page 65 and 66:
March, 2007 Table 3: Hash function
Page 67 and 68:
Table 4: Recommended algorithms and
Page 69 and 70:
March, 2007 size is available, the
Page 71 and 72:
Security life of data up to 4 years
Page 73 and 74:
March, 2007 6 Protection Requiremen
Page 75 and 76:
Table 5: Protection requirements fo
Page 77 and 78:
Key Type Security Service Private e
Page 79 and 80:
March, 2007 Crypto. Security Securi
Page 81 and 82:
March, 2007 may be applied only to
Page 83 and 84:
March, 2007 All cryptographic infor
Page 85 and 86:
March, 2007 8. Domain parameters (e
Page 87 and 88:
March, 2007 6. Destroyed Compromise
Page 89 and 90:
March, 2007 a. A private signature
Page 91 and 92:
2 Pre-Operational Phase 3 7 1 4 Ope
Page 93 and 94:
March, 2007 8.1 Pre-operational Pha
Page 95 and 96:
8.1.5.1.1 Distribution of Static Pu
Page 97 and 98:
March, 2007 and then provide eviden
Page 99 and 100:
March, 2007 listed in Section 8.1.5
Page 101 and 102:
March, 2007 encrypting key or publi
Page 103 and 104:
March, 2007 8.1.5.3.5 Intermediate
Page 105 and 106:
March, 2007 of keying material and
Page 107 and 108:
March, 2007 2. The application in w
Page 109 and 110:
March, 2007 and the key derivation
Page 111 and 112:
March, 2007 Type of Key Archive? Re
Page 113 and 114:
March, 2007 All records of the enti
Page 115 and 116:
March, 2007 other cryptographic inf
Page 117 and 118:
March, 2007 access to information e
Page 119 and 120:
March, 2007 1. Private key used to
Page 121 and 122:
March, 2007 10.2 Content of the Key
Page 123 and 124:
March, 2007 Management Specificatio
Page 125 and 126:
March, 2007 is the same value as th
Page 127 and 128:
March, 2007 If the decision is made
Page 129 and 130:
March, 2007 only, and then shall be
Page 131 and 132:
March, 2007 may be stored in backup
Page 133 and 134:
March, 2007 and the method of key r
Page 135 and 136:
March, 2007 ephemeral key pairs, an
Page 137 and 138:
B.3.14.7 Key Control Information Ma
Page 139 and 140:
March, 2007 to be saved. Keys for t
Page 141 and 142:
[HAC] Handbook of Applied Cryptogra
Page 143:
March, 2007 the owner by the CA tha
show all

Part 1: General - Computer Security Resource Center - National ...

Create successful ePaper yourself

Delete template?

Save as template?