Part 1: General - Computer Security Resource Center - National ...
March, 2007

3. If the private key is known, then the public key can be recomputed.
4. A new key pair can be generated.

B.3.9 Symmetric Key Agreement Keys

Symmetric key agreement keys are used to establish keying material (e.g., symmetric key wrapping keys, symmetric data encryption keys, or symmetric authentication keys). Each key agreement key is shared between two or more entities. If these keys are distributed manually (e.g., in a key loading device or by receipted mail), then the symmetric key agreement key should be backed up. If an electronic means is available for quickly establishing new keys (e.g., a key transport mechanism can be used to establish a new symmetric key agreement key), then a symmetric key agreement key need not be backed up. Symmetric key agreement keys shall not be archived.

B.3.10 Static Key Agreement Key Pairs

Static key agreement key pairs are used to establish shared secrets between entities, often in conjunction with ephemeral key pairs (see [SP800-56]). Each entity uses its private key agreement key(s), the other entity's public key agreement key(s), and possibly its own public key agreement key(s) to determine the shared secret. The shared secret is subsequently used to derive shared keying material. Note that in some key agreement schemes, one or more of the entities may not have a static key agreement key pair (see [SP800-56]).

B.3.10.1 Private Static Key Agreement Keys

If the private static key agreement key cannot be replaced in a timely manner, or if it needs to be retained in order to recover encrypted stored data, then the private key should be backed up in order to continue operations. The private key should not be archived unless it is needed for reconstruction of the keying material.

B.3.10.2 Public Static Key Agreement Keys

If an entity determines that the public static key agreement key is lost or corrupted, the entity may recover in one of the following ways:

1. If the public key has been certified and is stored elsewhere within the infrastructure, then the certificate can be requested.
2. If some other entity knows the public key (e.g., the other entity is the actual owner of the key pair), the key can be requested from this other entity.
3. If the private key is known, then the public key can be recomputed.
4. If the entity is the owner of the key pair, a new key pair can be generated and distributed.

If none of these alternatives is possible, then the public static key agreement key should be backed up. The public key should not be archived unless it is needed for reconstruction of the keying material.
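The static-plus-ephemeral agreement described in B.3.10 and B.3.11, together with recovery option 3 of B.3.10.2 (recomputing a public key from its private key), as an added Python example that is not part of SP 800-57 or SP 800-56. The group parameters, party roles and OtherInfo string are constructed for the demo (the prime is not an approved group), and the KDF is HKDF-SHA256 rather than an SP 800-56 KDF.

```python
import hashlib
import hmac
import secrets

# Constructed demo parameters: the Mersenne prime 2**127 - 1 makes the arithmetic
# run but is NOT a safe prime and NOT an approved SP 800-56A group. Demo only.
P = (1 << 127) - 1
G = 3

def generate_key_pair() -> tuple[int, int]:
    """Private key x in [2, P - 2]; public key y = G^x mod P."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def recompute_public_key(private_key: int) -> int:
    """Recovery option 3 of B.3.10.2: the public key is a function of the private key."""
    return pow(G, private_key, P)

def shared_secret(own_static, own_eph, peer_static_pub, peer_eph_pub) -> bytes:
    """Static + ephemeral agreement (like SP 800-56A dhHybrid1): Z = Z_s || Z_e."""
    n = (P.bit_length() + 7) // 8
    z_s = pow(peer_static_pub, own_static, P)   # static-static component
    z_e = pow(peer_eph_pub, own_eph, P)         # ephemeral-ephemeral component
    return z_s.to_bytes(n, "big") + z_e.to_bytes(n, "big")

def derive_keying_material(z: bytes, other_info: bytes, length: int = 32) -> bytes:
    """Extract-then-expand KDF (HKDF with HMAC-SHA256, RFC 5869) turning Z into keying material."""
    prk = hmac.new(b"\x00" * 32, z, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + other_info + bytes([counter]), hashlib.sha256).digest()
        out, counter = out + block, counter + 1
    return out[:length]

def run_exchange() -> tuple[bytes, bytes]:
    """Each party combines its static and ephemeral pairs with the peer's public keys;
    returns the keying material derived by A and by B (they must match)."""
    a_s, a_s_pub = generate_key_pair()   # A's static pair: back up if not quickly replaceable
    b_s, b_s_pub = generate_key_pair()   # B's static pair
    a_e, a_e_pub = generate_key_pair()   # ephemeral pairs: used once, never archived
    b_e, b_e_pub = generate_key_pair()
    info = b"constructed OtherInfo: party identities and context"
    k_a = derive_keying_material(shared_secret(a_s, a_e, b_s_pub, b_e_pub), info)
    k_b = derive_keying_material(shared_secret(b_s, b_e, a_s_pub, a_e_pub), info)
    return k_a, k_b

if __name__ == "__main__":
    k_a, k_b = run_exchange()
    print("keying material agrees:", k_a == k_b)
```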
B.3.11 Ephemeral Key Pairs

Ephemeral key agreement keys are generated and distributed during a single key agreement process (e.g., at the beginning of a communication session) and are not reused. These key pairs are used to establish a shared secret (often in combination with static key pairs); the shared secret is subsequently used to derive shared keying material. Not all key agreement schemes use