Part 1: General - Computer Security Resource Center - National ...
6.2.2.5 Association with the Other Entities
March, 2007

Some cryptographic information needs to be correctly associated with another entity (e.g., the key source), and the integrity of this association shall be maintained. For example, a symmetric (secret) key used for the encryption of information, or keys used for the computation of a MAC, need to be associated with the other entity(ies) that share the key. Public keys need to be correctly associated (bound) with the owner of the key pair (e.g., using public key certificates). The cryptographic information shall retain its association during storage by separating the information by “entity” or application, or by properly labeling the information. Section 6.2.3 addresses the labeling of cryptographic information.

6.2.2.6 Association with Other Related Information

An association may need to be maintained between protected information and the keying material that protected that information. In addition, keys may require association with other keying material (see Section 6.2.1.6).

The association is accomplished by storing the information together or by providing some linkage or pointer between the information. Typically, the linkage between a key and the information it protects is accomplished by providing an identifier for the key, storing the identifier with the key in an identification/label, and storing the key’s identifier with the protected information. The association shall be maintained for as long as the protected information needs to be processed. Section 6.2.3 addresses the labeling of cryptographic information.

6.2.3 Labeling of Cryptographic Information

Labels may be used with cryptographic information to define the use of that information or to provide a linkage between items of cryptographic information.

6.2.3.1 Labels for Keys

A label may be used to identify attributes, parameters, or the intended use of a key. Different applications may require different labels for the same key type, and different labels may be required for different key types. It is the responsibility of an implementer to select a suitable label for a key. When labels are used, the label should accompany the key (i.e., it is typically stored or transmitted with the key). Some examples of label contents are:

1. Key identifier
2. Information identifying associated keys (e.g., the association between a public and private key)
3. Identity of the key’s owner or the sharing entity
4. Cryptoperiod (e.g., start date and end date)
5. Key type (e.g., signing private key, encryption key, master key)
6. Application (e.g., purchasing, email)
7. Counter [27]

[27] Used to detect the playback of a previously transmitted key package.
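As an added illustration (not text or code from SP 800-57), a Python sketch of the label and linkage described in 6.2.2.6 and 6.2.3.1: a label carrying the seven example contents is bound to its key with an HMAC under an assumed separate storage-protection key, the key identifier is stored with the information the key protects, and the counter is checked so that a replayed key package is rejected. The storage key, key bytes, identifiers and dates are constructed sample values.

```python
import hmac, hashlib, json

def make_label(key_id, owner, key_type, application, start, end, counter, associated=()):
    # The seven example label contents of 6.2.3.1; cryptoperiod dates are ISO strings.
    return {"key_id": key_id, "associated_keys": list(associated), "owner": owner,
            "cryptoperiod": {"start": start, "end": end}, "key_type": key_type,
            "application": application, "counter": counter}

def _bind(label, key, storage_key):
    # Integrity of the label<->key association: HMAC over both under a separate storage key (assumed to exist and be protected).
    canonical = json.dumps(label, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(storage_key, canonical + key, hashlib.sha256).digest()

class KeyStore:
    def __init__(self, storage_key):
        self._storage_key = storage_key
        self._entries = {}        # key_id -> (label, key, binding tag)
        self._last_counter = {}   # owner  -> highest counter accepted so far

    def store(self, label, key):
        # Field 7: a replayed key package (counter not increasing) is rejected.
        if label["counter"] <= self._last_counter.get(label["owner"], -1):
            raise ValueError("replayed key package")
        self._last_counter[label["owner"]] = label["counter"]
        self._entries[label["key_id"]] = (label, key, _bind(label, key, self._storage_key))

    def lookup(self, key_id, application, on_date):
        label, key, tag = self._entries[key_id]
        if not hmac.compare_digest(tag, _bind(label, key, self._storage_key)):
            raise ValueError("label/key association has been altered")
        if label["application"] != application:
            raise ValueError("key not labeled for this application")
        if not label["cryptoperiod"]["start"] <= on_date <= label["cryptoperiod"]["end"]:
            raise ValueError("outside cryptoperiod")
        return key

def protect(store, key_id, message, on_date):
    # The protected record carries the key identifier (the 6.2.2.6 linkage).
    key = store.lookup(key_id, "email", on_date)
    return {"key_id": key_id, "data": message,
            "mac": hmac.new(key, message, hashlib.sha256).hexdigest()}

def verify(store, record, on_date):
    key = store.lookup(record["key_id"], "email", on_date)
    return hmac.compare_digest(record["mac"], hmac.new(key, record["data"], hashlib.sha256).hexdigest())

STORE = KeyStore(b"constructed-storage-protection-key")  # constructed sample store
STORE.store(make_label("mac-key-001", "alice", "MAC key", "email", "2007-03-01",
                       "2008-02-29", counter=1), b"constructed-mac-key-bytes")
```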
83