Part 1: General - Computer Security Resource Center - National ...
March, 2007

If the decision is made to provide key recovery for a key, all information associated with that key shall also be recoverable (see Table 5 in Section 6).

B.1 Recovery from Stored Keying Material

The primary purpose of backing up or archiving keying material is to be able to recover that material when it is not otherwise available in normal operational storage to decrypt or check the information protected by the keying material. For example, encrypted information cannot be transformed into plaintext information if the decryption key is lost or modified; the integrity of data cannot be determined if the key used to verify the integrity of that data is not available. The key recovery process acquires the keying material from backup or archive storage, and places it either in the device or module, or in immediately accessible storage (see Section 8.3.1).

B.2 Recovery by Reconstruction of Keying Material

Some keying material may be recovered by reconstructing or re-deriving the keying material from other available keying material, the “base” keying material (e.g., a master key for a key derivation method). The base keying material shall be available in either normal operational storage (see Section 8.2.1), backup storage (see Section 8.2.2.1) or archive storage (see Section 8.3.1).
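
The following sketch illustrates recovery by reconstruction. It is an added example, not part of the NIST text. It assumes a counter-mode KDF with HMAC-SHA-256 in the layout of SP 800-108 as the key derivation method; the record fields and the key check value are hypothetical. It shows that the base key alone is not enough: the label, context and length used at derivation time must be recoverable as well.

```python
import hashlib
import hmac
import secrets

PRF_LEN = 32  # HMAC-SHA-256 output size in bytes


def derive(base_key: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """Counter-mode KDF: K(i) = HMAC(base, [i]_32 || label || 0x00 || context || [L]_32)."""
    if not 0 < length <= 255 * PRF_LEN:  # local sanity limit, chosen for this example
        raise ValueError("unsupported output length")
    bits = (length * 8).to_bytes(4, "big")
    out = b""
    for i in range(1, -(-length // PRF_LEN) + 1):  # ceil(length / PRF_LEN) blocks
        msg = i.to_bytes(4, "big") + label + b"\x00" + context + bits
        out += hmac.new(base_key, msg, hashlib.sha256).digest()
    return out[:length]


def check_value(key: bytes) -> bytes:
    """Hypothetical key check value: truncated HMAC over a fixed string."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()[:8]


def derive_with_record(base_key: bytes, label: bytes, context: bytes, length: int):
    """Derive a key and return it with the metadata that must stay recoverable."""
    key = derive(base_key, label, context, length)
    record = {"label": label, "context": context, "length": length,
              "kcv": check_value(key)}
    return key, record


def recover_key(base_key: bytes, record: dict) -> bytes:
    """Re-derive a lost key from the base key and its stored record."""
    key = derive(base_key, record["label"], record["context"], record["length"])
    # A wrong base key or altered metadata yields a different key: detect it here.
    if not hmac.compare_digest(check_value(key), record["kcv"]):
        raise ValueError("re-derived key does not match the stored record")
    return key


if __name__ == "__main__":
    master = secrets.token_bytes(32)       # base keying material (constructed sample)
    key, rec = derive_with_record(master, b"file-encryption", b"volume-0001", 32)
    del key                                # operational copy is lost
    restored = recover_key(master, rec)    # master read back from backup or archive
    print("recovered", len(restored), "byte key")
```
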

B.3 Conditions Under Which Keying Material Needs to be Recoverable

The decision as to whether to back up or archive keying material for possible key recovery should be made on a case-by-case basis. The decision should be based on:

1. the type of key (e.g., signing private key, long-term data encryption key),
2. the application in which the key will be used (e.g., interactive communications, file storage),
3. whether the key is "owned" by the local entity (e.g., a private key) or by another entity (e.g., the other entity's public key) or is shared (e.g., a symmetric data encryption key shared by two entities),
4. the role of the entity in a communication (e.g., sender or receiver),
5. the algorithm or computation in which the key will be used (e.g., does the entity have the necessary information to perform a given computation if the key were to be recovered) [33], and
6. the value of the information protected by the keying material, and the consequences of the loss of the keying material.

The factors involved in a decision for or against key recovery should be carefully assessed. The trade-offs are concerned with continuity of operations versus the risk of possibly exposing the keying material and the information it protects if control of the keying material is lost. When a key is recovered, the following actions shall be taken:

[33] This could be the case when performing a key establishment process for some key establishment schemes (see SP 800-56).