Part 1: General - Computer Security Resource Center - National ...

31.07.2013 Views
March, 2007 8.2.3.1 Re-keying...........................................................................................106 8.2.3.2 Key Update Function .........................................................................106 8.2.4 Key Derivation Function...................................................................................107 8.3 Post-Operational Phase .................................................................................................108 8.3.1 Archive Storage and Key Recovery Functions.................................................108 8.3.2 Entity De-registration Function ........................................................................111 8.3.3 Key De-registration Function ...........................................................................112 8.3.4 Key Destruction Function.................................................................................112 8.3.5 Key Revocation Function .................................................................................112 8.4 Destroyed Phase............................................................................................................113 9 ACCOUNTABILITY, AUDIT, AND SURVIVABILITY .................................................113 9.1 Accountability...............................................................................................................114 9.2 Audit .............................................................................................................................114 9.3 Key Management System Survivability .......................................................................115 9.3.1 Back-up Keys....................................................................................................115 9.3.2 Key Recovery....................................................................................................115 9.3.3 System Redundancy/Contingency Planning.....................................................115 9.3.3.1 General Principles..............................................................................116 9.3.3.2 Cryptography and Key Management-specific Recovery Issues ........117 9.3.4 Compromise Recovery......................................................................................117 10KEY MANAGEMENT SPECIFICATIONS FOR CRYPTOGRAPHIC DEVICES OR APPLICATIONS...................................................................................................................119 10.1 Key Management Specification Description/Purpose ..................................................119 10.2 Content of the Key Management Specification............................................................120 10.2.1 Cryptographic Application................................................................................120 10.2.2 Communications Environment .........................................................................120 10.2.3 Key Management Component Requirements ...................................................120 10.2.4 Key Management Component Generation........................................................121 10.2.5 Key Management Component Distribution......................................................121 10.2.6 Keying Material Storage...................................................................................121 10.2.7 Access Control..................................................................................................121 10.2.8 Accounting........................................................................................................121 11

March, 2007 10.2.9 Compromise Management and Recovery.........................................................122 10.2.10 Key Recovery...................................................................................................122 APPENDIX A: CRYPTOGRAPHIC AND NON-CRYPTOGRAPHIC INTEGRITY AND AUTHENTICATION MECHANISMS...............................................................................123 APPENDIX B: KEY RECOVERY ..........................................................................................125 B.1 Recovery from Stored Keying Material........................................................................126 B.2 Recovery by Reconstruction of Keying Material .........................................................126 B.3 Conditions Under Which Keying Material Needs to be Recoverable ..........................126 B.3.1 Signature Key Pairs...........................................................................................127 B.3.1.1 Public Signature Verification Keys ...................................................127 B.3.1.2 Private Signature Keys.......................................................................127 B.3.2 Symmetric Authentication Keys.......................................................................128 B.3.3 Authentication Key Pairs ..................................................................................129 B.3.3.1 Public Authentication Keys ...............................................................129 B.3.3.2 Private Authentication Keys ..............................................................130 B.3.4 Symmetric Data Encryption Keys ....................................................................130 B.3.5 Symmetric Key Wrapping Keys .......................................................................131 B.3.6 Random Number Generation Keys...................................................................131 B.3.7 Symmetric Master Keys....................................................................................131 B.3.8 Key Transport Key Pairs...................................................................................132 B.3.8.1 Private Key Transport Keys...............................................................132 B.3.8.2 Public Key Transport Keys................................................................132 B.3.9 Symmetric Key Agreement Keys .....................................................................133 B.3.10 Static Key Agreement Key Pairs ......................................................................133 B.3.10.1 Private Static Key Agreement Keys ..................................................133 B.3.10.2 Public Static Key Agreement Keys....................................................133 B.3.11 Ephemeral Key Pairs.........................................................................................133 B.3.11.1 Private Ephemeral Keys.....................................................................134 B.3.11.2 Public Ephemeral Keys......................................................................134 B.3.12 Symmetric Authorization Keys.........................................................................134 B.3.13 Authorization Key Pairs....................................................................................134 B.3.13.1 Private Authorization Keys................................................................134 12

Page 1 and 2: ARCHIVED PUBLICATION The attached p

Page 3 and 4: Abstract March, 2007 This Recommend

Page 5 and 6: Authority March, 2007 This document

Page 7 and 8: March, 2007 key validation, account

Page 9 and 10: March, 2007 4.2.4.1 DSA............

Page 11: March, 2007 8 KEY MANAGEMENT PHASES

Page 15 and 16: March, 2007 Figure 3: Key states an

Page 17 and 18: March, 2007 1.2 Audience The audien

Page 19 and 20: March, 2007 1. Section 1, Introduct

Page 21 and 22: March, 2007 Backup A copy of inform

Page 23 and 24: March, 2007 Digital signature The r

Page 25 and 26: Key Management Policy Key Managemen

Page 27 and 28: Proof of possession (POP) Pseudoran

Page 29 and 30: March, 2007 Split knowledge A proce

Page 31 and 32: March, 2007 3 Security Services Cry

Page 33 and 34: March, 2007 However, it is often th

Page 35 and 36: March, 2007 4 Cryptographic Algorit

Page 37 and 38: March, 2007 operates on blocks (chu

Page 39 and 40: March, 2007 minimum key size 7 of 1

Page 41 and 42: March, 2007 2. The protocols trigge

Page 43 and 44: March, 2007 7. Symmetric key wrappi

Page 45 and 46: March, 2007 9. Random numbers: The

Page 47 and 48: March, 2007 In general, where stron

Page 49 and 50: March, 2007 a. When a symmetric key

Page 51 and 52: March, 2007 information. For less s

Page 53 and 54: 8. Symmetric and Asymmetric RNG key

Page 55 and 56: 15. Private ephemeral key agreement

Page 57 and 58: Key Type 12. Symmetric Key Agreemen

Page 59 and 60: March, 2007 establishment keys, see

Page 61 and 62: March, 2007 c. Restricting plaintex

Page 63 and 64: March, 2007 algorithms completely i

Page 65 and 66: March, 2007 Table 3: Hash function

Page 67 and 68: Table 4: Recommended algorithms and

Page 69 and 70: March, 2007 size is available, the

Page 71 and 72: Security life of data up to 4 years

Page 73 and 74: March, 2007 6 Protection Requiremen

Page 75 and 76: Table 5: Protection requirements fo

Page 77 and 78: Key Type Security Service Private e

Page 79 and 80: March, 2007 Crypto. Security Securi

Page 81 and 82: March, 2007 may be applied only to

Page 83 and 84: March, 2007 All cryptographic infor

Page 85 and 86: March, 2007 8. Domain parameters (e

Page 87 and 88: March, 2007 6. Destroyed Compromise

Page 89 and 90: March, 2007 a. A private signature

Page 91 and 92: 2 Pre-Operational Phase 3 7 1 4 Ope

Page 93 and 94: March, 2007 8.1 Pre-operational Pha

Page 95 and 96: 8.1.5.1.1 Distribution of Static Pu

Page 97 and 98: March, 2007 and then provide eviden

Page 99 and 100: March, 2007 listed in Section 8.1.5

Page 101 and 102: March, 2007 encrypting key or publi

Page 103 and 104: March, 2007 8.1.5.3.5 Intermediate

Page 105 and 106: March, 2007 of keying material and

Page 107 and 108: March, 2007 2. The application in w

Page 109 and 110: March, 2007 and the key derivation

Page 111 and 112: March, 2007 Type of Key Archive? Re

Page 113 and 114: March, 2007 All records of the enti

Page 115 and 116: March, 2007 other cryptographic inf

Page 117 and 118: March, 2007 access to information e

Page 119 and 120: March, 2007 1. Private key used to

Page 121 and 122: March, 2007 10.2 Content of the Key

Page 123 and 124: March, 2007 Management Specificatio

Page 125 and 126: March, 2007 is the same value as th

Page 127 and 128: March, 2007 If the decision is made

Page 129 and 130: March, 2007 only, and then shall be

Page 131 and 132: March, 2007 may be stored in backup

Page 133 and 134: March, 2007 and the method of key r

Page 135 and 136: March, 2007 ephemeral key pairs, an

Page 137 and 138: B.3.14.7 Key Control Information Ma

Page 139 and 140: March, 2007 to be saved. Keys for t

Page 141 and 142: [HAC] Handbook of Applied Cryptogra

Page 143: March, 2007 the owner by the CA tha

cryptographic

keying

symmetric

algorithm

authentication

cryptoperiod

entity

algorithms

associated

usage

resource

csrc.nist.gov

Part 1: General - Computer Security Resource Center - National ...

Part 1: General - Computer Security Resource Center - National ... ... View more Part 1: General - Computer Security Resource Center - National ...

Delete template?

Save as template ?

Part 1: General - Computer Security Resource Center - National ... Part 1: General - Computer Security Resource Center - National ...