Part 1: General - Computer Security Resource Center - National ...
RECOMMENDATION FOR KEY MANAGEMENT
Part 1: General
March, 2007

1 INTRODUCTION
Cryptographic mechanisms are one of the strongest ways to provide security services for electronic applications and protocols and for data storage. The National Institute of Standards and Technology (NIST) publishes Federal Information Processing Standards (FIPS) and NIST Recommendations (which are published as Special Publications) that specify cryptographic techniques for protecting sensitive unclassified information.

Since NIST published the Data Encryption Standard (DES) in 1977, the suite of Approved standardized algorithms has been growing. New classes of algorithms have been added, such as secure hash algorithms and asymmetric key algorithms for digital signatures. The suite of algorithms now provides different levels of cryptographic strength through a variety of key sizes. The algorithms may be combined in many ways to support increasingly complex protocols and applications. This NIST Recommendation applies to U.S. government agencies using cryptography for the protection of their sensitive unclassified information. This recommendation may also be followed, on a voluntary basis, by other organizations that want to implement sound security principles in their computer systems.
The proper management of cryptographic keys is essential to the effective use of cryptography for security. Keys are analogous to the combination of a safe. If the combination becomes known to an adversary, the strongest safe provides no security against penetration. Similarly, poor key management may easily compromise strong algorithms. Ultimately, the security of information protected by cryptography directly depends on the strength of the keys, the effectiveness of mechanisms and protocols associated with keys, and the protection afforded the keys.

Cryptography can be rendered ineffective by the use of weak products, inappropriate algorithm pairing, poor physical security, and the use of weak protocols.

All keys need to be protected against unauthorized substitution and modification. Secret and private keys need to be protected against unauthorized disclosure. Key management provides the foundation for the secure generation, storage, distribution, and destruction of keys.
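The protection requirements in the paragraph above, shown in working code as an added example that is not part of SP 800-57 or of any NIST implementation: a small integrity-protected key record that uses a keyed MAC (HMAC-SHA-256 from the Python standard library) so that modification or substitution of a stored key is detected on verification, generates key material from a cryptographically strong source, and overwrites the material on destruction. The record layout, the function names and the separate key-protection key are this example's own assumptions.

```python
"""Integrity-protected key record (illustrative, not NIST code).

- Every key is protected against substitution and modification: a keyed
  MAC over the whole record is checked before the key is used.
- Secret material is generated from a strong source and overwritten when
  the key is destroyed.
The record layout and field names are assumptions made for this example.
"""
import hashlib
import hmac
import secrets


def generate_protection_key() -> bytes:
    # Assumption: a separate key-protection key held by the key-management
    # component (in practice inside an HSM or similar protected store, never
    # beside the keys it protects).
    return secrets.token_bytes(32)


def _canonical(key_id: str, usage: str, key_material: bytes) -> bytes:
    # Length-prefixed encoding: field boundaries cannot be shifted (for
    # example moving bytes from key_id into usage) without changing the tag.
    out = b""
    for part in (key_id.encode(), usage.encode(), key_material):
        out += len(part).to_bytes(4, "big") + part
    return out


def protect(key_id: str, usage: str, key_material: bytes, protection_key: bytes) -> dict:
    # Bind identifier, intended usage and material together under one tag.
    tag = hmac.new(protection_key, _canonical(key_id, usage, key_material), hashlib.sha256).digest()
    return {"key_id": key_id, "usage": usage, "key_material": bytearray(key_material), "tag": tag}


def verify(record: dict, protection_key: bytes) -> bool:
    expected = hmac.new(
        protection_key,
        _canonical(record["key_id"], record["usage"], bytes(record["key_material"])),
        hashlib.sha256,
    ).digest()
    # Constant-time comparison so the check itself leaks nothing about the tag.
    return hmac.compare_digest(expected, record["tag"])


def destroy(record: dict) -> None:
    # Best-effort zeroisation: overwrite the material in place before the
    # record is discarded (Python cannot guarantee no other copies exist).
    material = record["key_material"]
    for i in range(len(material)):
        material[i] = 0
    record["tag"] = b""


def demo() -> dict:
    """Walk through generation, verification, tampering and destruction."""
    pk = generate_protection_key()
    rec = protect("k-0001", "encrypt", secrets.token_bytes(16), pk)  # constructed sample key
    valid = verify(rec, pk)

    # Simulated modification: flip one bit of the stored material.
    rec["key_material"][0] ^= 0x01
    after_modify = verify(rec, pk)
    rec["key_material"][0] ^= 0x01  # restore

    # Simulated misuse: same material, but the usage field is changed.
    rec["usage"] = "sign"
    after_usage_change = verify(rec, pk)
    rec["usage"] = "encrypt"

    # Simulated substitution: a different key placed under the same identifier.
    rec["key_material"] = bytearray(secrets.token_bytes(16))
    after_substitution = verify(rec, pk)

    destroy(rec)
    return {
        "valid": valid,
        "modified": after_modify,
        "usage_changed": after_usage_change,
        "substituted": after_substitution,
        "zeroised": all(b == 0 for b in rec["key_material"]) and rec["tag"] == b"",
    }


if __name__ == "__main__":
    print(demo())
```

The MAC covers the key identifier and usage as well as the material, so the check also catches a valid key being re-labelled for a purpose it was not generated for; confidentiality of secret material is a separate concern the tag does not provide, and would be handled by encrypting the record under a key-wrapping key.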
1.1 Goal/Purpose

Users and developers are presented with many new choices in their use of cryptographic mechanisms. Inappropriate choices may result in an illusion of security, but little or no real security for the protocol or application. Basic key management guidance is provided in [SP800-21]. This recommendation (i.e., SP 800-57) expands on that guidance, provides background information and establishes frameworks to support appropriate decisions when selecting and using cryptographic mechanisms.