Part 1: General - Computer Security Resource Center - National ...
March, 2007
Assurance of private key possession provides assurance that the owner of a public key
actually possesses the corresponding private key (see Section 5.4.4).
The period of protection for cryptographic keys, associated key information, and
cryptographic parameters (e.g., initialization vectors) depends on the type of key, the
associated cryptographic service, and the length of time for which the cryptographic
service is required. The period of protection includes the cryptoperiod of the key (see
Section 5.3). The period of protection is not necessarily the same for integrity as it is for
confidentiality. Integrity protection may be required until a key is no longer used, but
confidentiality protection may be required until the key is destroyed.
6.1.1 Summary of Protection Requirements for Cryptographic Keys
Table 5 provides a summary of the protection requirements for keys during distribution and
storage. Methods for providing the necessary protection are discussed in Section 6.2.
Guide to Table 5:
a. Column 1 (Key Type) identifies the key types.
b. Column 2 (Security Service) indicates the type of security service that is provided by the
key in conjunction with a cryptographic technique.
c. Column 3 (Security Protection) indicates the type of protection required for the key
(archive, integrity, and confidentiality).
d. Column 4 (Association Protection) indicates the types of associations that need to be
protected for that key, such as associating the key with the usage or application, the
authorized communications participants or other indicated information. The association
with domain parameters applies only to algorithms where they are used.
e. Column 5 (Assurances Required) indicates whether assurance of public key validity
and/or assurance of private key possession needs to be obtained as defined in [SP800-56],
[FIPS186-3] and this recommendation. Assurance of public key validity provides a
degree of confidence that a key is arithmetically correct. See Section 5.4.3 for further
details. Assurance of private key possession provides a degree of confidence that the
entity providing a public key actually possessed the associated private key at some time.
See Section 5.4.4 for further details.
f. Column 6 (Period of Protection) indicates the length of time that the integrity and/or
confidentiality of the key need to be maintained (see Section 5.3). Symmetric keys and
private keys shall be destroyed at the end of their period of protection (see Sections 8.3.4
and 9.3).