Part 1: General - Computer Security Resource Center - National ...
March, 2007
Key Management Policy: The Key Management Policy is a high-level statement of organizational key management policies that identifies high-level structure, responsibilities, governing standards and recommendations, organizational dependencies and other relationships, and security policies.
Key Management Practices Statement: The Key Management Practices Statement is a document or set of documentation that describes in detail the organizational structure, responsible roles, and organization rules for the functions identified in the Key Management Policy.
Key pair: A public key and its corresponding private key; a key pair is used with a public key algorithm.
Key recovery: A function in the lifecycle of keying material; mechanisms and processes that allow authorized entities to retrieve keying material from key backup or archive.
Key registration: A function in the lifecycle of keying material; the process of officially recording the keying material by a registration authority.
Key revocation: A function in the lifecycle of keying material; a process whereby a notice is made available to affected entities that keying material should be removed from operational use prior to the end of the established cryptoperiod of that keying material.
Key transport: A key establishment procedure whereby one party (the sender) selects and encrypts the keying material and then distributes the material to another party (the receiver). When used in conjunction with a public key (asymmetric) algorithm, the keying material is encrypted using the public key of the receiver and subsequently decrypted using the private key of the receiver. When used in conjunction with a symmetric algorithm, the keying material is wrapped with a key encrypting key shared by the two parties.
Key update: A function performed on a cryptographic key in order to compute a new but related key.
Key usage period: For a symmetric key, either the originator usage period or the recipient usage period.
Key wrapping: A method of encrypting keys (along with associated integrity information) that provides both confidentiality and integrity protection using a symmetric key.
Key wrapping key: A symmetric key encrypting key.
Keying material: The data (e.g., keys and IVs) necessary to establish and maintain cryptographic keying relationships.
Label: Information associated with a key that identifies the key’s parameters, attributes or intended use.