Part 1: General - Computer Security Resource Center - National ...
March, 2007

Cryptographic key (key)
A parameter used in conjunction with a cryptographic algorithm that determines its operation in such a way that an entity with knowledge of the key can reproduce or reverse the operation, while an entity without knowledge of the key cannot. Examples include:
1. The transformation of plaintext data into ciphertext data,
2. The transformation of ciphertext data into plaintext data,
3. The computation of a digital signature from data,
4. The verification of a digital signature,
5. The computation of an authentication code from data,
6. The verification of an authentication code from data and a received authentication code,
7. The computation of a shared secret that is used to derive keying material.

Cryptographic key component (key component)
One of at least two parameters that have the same security properties (e.g., randomness) as a cryptographic key; parameters are combined in an Approved security function to form a plaintext cryptographic key before use.

Cryptographic module
The set of hardware, software, and/or firmware that implements Approved security functions (including cryptographic algorithms and key generation) and is contained within the cryptographic boundary.

Cryptomodule
See cryptographic module.

Cryptoperiod
The time span during which a specific key is authorized for use or in which the keys for a given system or application may remain in effect.

Data integrity
A property whereby data has not been altered in an unauthorized manner since it was created, transmitted or stored.
In this recommendation, the statement that a cryptographic algorithm "provides data integrity" means that the algorithm is used to detect unauthorized alterations.

Decryption
The process of changing ciphertext into plaintext using a cryptographic algorithm and key.

Deterministic random bit generator (DRBG)
An algorithm that produces a sequence of bits that are uniquely determined from an initial value called a seed. The output of the DRBG “appears” to be random, i.e., the output is statistically indistinguishable from random values. A cryptographic DRBG has the additional property that the output is unpredictable, given that the seed is not known. A DRBG is sometimes also called a Pseudo Random Number Generator (PRNG) or a deterministic random number generator.