Part 1: General - Computer Security Resource Center - National ...
March, 2007
19. Public authorization key:
a. Type Considerations: A public authorization key is the public element of an asymmetric key pair used to verify privileges for an entity that possesses the associated private key. The length of the public authorization key cryptoperiod is of far less concern, from a security point of view, than is that of the associated private key.
b. Cryptoperiod: The cryptoperiod of the public authorization key shall be the same as the authorization private key: no more than two years.
Table 1 below is a summary of the cryptoperiods that are recommended for each key type.
Table 1: Recommended Cryptoperiods for key types [13]

| Key Type | Cryptoperiod (Originator Usage Period (OUP); Recipient Usage Period) |
|---|---|
| 1. Private Signature Key | 1-3 years |
| 2. Public Signature Key | Several years (depends on key size) |
| 3. Symmetric Authentication Key | OUP: < 2 years; Recipient Usage Period: < OUP + 3 years |
| 4. Private Authentication Key | 1-2 years |
| 5. Public Authentication Key | 1-2 years |
| 6. Symmetric Data Encryption Keys | OUP: < 2 years; Recipient Usage Period: < OUP + 3 years |
| 7. Symmetric Key Wrapping Key | OUP: < 2 years; Recipient Usage Period: < OUP + 3 years |
| 8. Symmetric and asymmetric RNG Keys | Upon reseeding |
| 9. Symmetric Master Key | About 1 year |
| 10. Private Key Transport Key | < 2 years [14] |
| 11. Public Key Transport Key | 1-2 years |

[13] In some cases risk factors affect the cryptoperiod selection (see Section 5.3.1).
[14] In certain email applications where received messages are stored and decrypted at a later time, the cryptoperiod of the private key transport key may exceed the cryptoperiod of the public key transport key.
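As an added example (not part of the NIST text), the following Python audits a key inventory against the upper bounds in Table 1 and item 19. The key-type labels, status names and sample inventory are constructed for illustration; it assumes the recipient usage period runs for up to three years after the OUP ends and that "about 1 year" means one year.

```python
from datetime import date

# Upper bounds in years read from Table 1 and item 19:
# (OUP or single cryptoperiod, extra recipient-usage years after the OUP, or None).
# Rows with no numeric bound (public signature key, RNG keys) are left out.
LIMITS = {
    "private_signature": (3, None),
    "symmetric_authentication": (2, 3),
    "private_authentication": (2, None),
    "public_authentication": (2, None),
    "symmetric_data_encryption": (2, 3),
    "symmetric_key_wrapping": (2, 3),
    "symmetric_master": (1, None),        # "About 1 year" (assumed to mean 1)
    "private_key_transport": (2, None),   # footnote 14 allows exceptions
    "public_key_transport": (2, None),
    "public_authorization": (2, None),    # item 19: no more than two years
}

def add_years(d, years):
    """Shift a date by whole years, mapping 29 Feb to 28 Feb when needed."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)

def audit_key(key_type, activated, today):
    """Return 'ok', 'process-only', 'expired' or 'no-numeric-limit'."""
    limits = LIMITS.get(key_type)
    if limits is None:
        return "no-numeric-limit"
    oup_years, recipient_extra = limits
    oup_end = add_years(activated, oup_years)
    if today < oup_end:            # conservative: reaching the bound counts as over
        return "ok"
    # Past the OUP: the key may still process data it already protected.
    if recipient_extra is not None and today < add_years(oup_end, recipient_extra):
        return "process-only"
    return "expired"

def audit_inventory(inventory, today):
    return {key_id: audit_key(kt, act, today) for key_id, kt, act in inventory}

# Constructed sample inventory: (key id, key type, activation date).
SAMPLE = [
    ("dek-01", "symmetric_data_encryption", date(2004, 1, 15)),
    ("sig-01", "private_signature", date(2005, 6, 1)),
    ("mk-01", "symmetric_master", date(2005, 12, 1)),
    ("authz-01", "public_authorization", date(2004, 2, 29)),
    ("rng-01", "rng", date(2006, 1, 1)),
]
```

A key reported as `process-only` should no longer be used to apply protection, only to process data it already protected.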