Part 1: General - Computer Security Resource Center - National ...
March, 2007
they have been encrypted for transport, the cryptoperiod of the public key transport key may be shorter than that of the associated private key.
b. Cryptoperiod: Based on cryptoperiod assumptions for associated private keys, a maximum recommended cryptoperiod might be about 1-2 years.
12. Symmetric key agreement key:
a. Type Considerations: A symmetric key agreement key may be used multiple times. Generally, the cryptoperiod equals the originator usage period, which equals the recipient usage period. The cryptoperiod of these keys depends on 1) environmental security factors, 2) the nature (e.g., types and formats) and volume of keys they are used to establish, and 3) the details of the key agreement algorithms and protocols employed. Note that symmetric key agreement keys may be used to establish symmetric keys (e.g., symmetric data encryption keys) or other keying material (e.g., IVs).
b. Cryptoperiod: Given an assumption that the cryptography that employs symmetric key agreement keys 1) employs an algorithm and key scheme compliant with NIST standards, 2) the cryptographic device meets [FIPS140-2] requirements, and 3) the risk levels are established in conformance to [FIPS199], an appropriate cryptoperiod for the key would be 1-2 years.
13. Private static key agreement key:
a. Type Considerations: A private static key agreement key may be used multiple times. As in the case of symmetric key agreement keys, the cryptoperiod of these keys depends on 1) environmental security factors, 2) the nature (e.g., types and formats) and volume of keys they are used to establish, and 3) the details of the key agreement algorithms and protocols employed. Note that private static key agreement keys may be used to establish symmetric keys (e.g., key wrapping keys) or other secret keying material.
b. Cryptoperiod: Given an assumption that the cryptography that employs private static key agreement keys 1) employs an algorithm and key scheme compliant with NIST standards, 2) the cryptographic device meets [FIPS140-2] requirements, and 3) the risk levels are established in conformance to [FIPS199], an appropriate cryptoperiod for the key would be 1-2 years. In certain applications (e.g., email), whereby received messages are stored and decrypted at a later time, the cryptoperiod of the private static key agreement key may exceed the cryptoperiod of the public static key agreement key.
14. Public static key agreement key:
a. Type Considerations: The cryptoperiod for a public static key agreement key is the same as the cryptoperiod of the associated private static key agreement key. See the discussion for the private static key agreement key. However, the length of the public static key agreement key cryptoperiod is of far less concern, from a security point of view, than is that of the associated private key.
b. Cryptoperiod: The cryptoperiod of the public static key agreement key may be 1-2 years.
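
The following sketch is an added example, not part of the NIST text: it audits a key inventory against the 1-2 year cryptoperiods above and against the private/public static key agreement relationship described in items 13 and 14. The record fields (`id`, `type`, `pair`, `activated`, `expires`, `decrypts_stored`) and the 365-day year are assumptions made for illustration.

```python
from datetime import date

MAX_DAYS = 730  # upper end of the "1-2 years" above, assuming 365-day years
KEY_TYPES = {"public_key_transport", "symmetric_key_agreement",
             "private_static_key_agreement", "public_static_key_agreement"}

def audit(inventory, today):
    """Return sorted (key_id, finding) pairs for keys outside the guidance."""
    findings, pairs = [], {}
    for k in inventory:
        if k["type"] not in KEY_TYPES:
            continue
        if (k["expires"] - k["activated"]).days > MAX_DAYS:
            findings.append((k["id"], "planned cryptoperiod exceeds 2 years"))
        if today > k["expires"]:
            findings.append((k["id"], "past the end of its cryptoperiod"))
        if k.get("pair"):
            pairs.setdefault(k["pair"], {})[k["type"]] = k
    for pair in pairs.values():
        priv = pair.get("private_static_key_agreement")
        pub = pair.get("public_static_key_agreement")
        if not (priv and pub):
            continue
        if pub["expires"] > priv["expires"]:
            findings.append((pub["id"], "public key outlives its private key"))
        elif priv["expires"] > pub["expires"] and not priv.get("decrypts_stored"):
            # A longer private-key period is described only for stored messages.
            findings.append((priv["id"], "private key outlives public key"))
    return sorted(findings)

# Constructed sample inventory; the record fields are hypothetical.
INVENTORY = [
    {"id": "ska-01", "type": "symmetric_key_agreement",
     "activated": date(2023, 1, 1), "expires": date(2026, 1, 1)},
    {"id": "priv-mail", "type": "private_static_key_agreement", "pair": "mail",
     "activated": date(2024, 1, 1), "expires": date(2025, 12, 31),
     "decrypts_stored": True},
    {"id": "pub-mail", "type": "public_static_key_agreement", "pair": "mail",
     "activated": date(2024, 1, 1), "expires": date(2025, 1, 1)},
    {"id": "priv-vpn", "type": "private_static_key_agreement", "pair": "vpn",
     "activated": date(2024, 1, 1), "expires": date(2025, 1, 1)},
    {"id": "pub-vpn", "type": "public_static_key_agreement", "pair": "vpn",
     "activated": date(2024, 1, 1), "expires": date(2025, 6, 1)},
]

if __name__ == "__main__":
    for key_id, finding in audit(INVENTORY, today=date(2024, 12, 1)):
        print(f"{key_id}: {finding}")
```

The comparison of expiry dates within a pair assumes both keys were activated on the same day.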