
Key Management

About Key Management

Generally speaking, there are two types of key establishment techniques: 1) techniques based on asymmetric (public key) algorithms, and 2) techniques based on symmetric (secret key) algorithms. Hybrid techniques are also commonly used: public key techniques establish symmetric (secret) key-encrypting keys, which are then used to establish other symmetric (secret) keys.


Key Management Project

In 1997, NIST announced plans to develop a public key-based key management standard and solicited comments from the public. An initial public workshop was announced to discuss the security and interoperability requirements of the Federal Government and private industry, and the many techniques and options available. The first workshop was held in 2000. A white paper was subsequently developed that discusses the development process and provides a preliminary schedule. A second workshop was held in 2001 to discuss initial drafts of a Key Management Guideline and a Key Schemes document.


Key Management Guideline

The Key Management Guideline is under development and has been divided into three parts. Part 1 has been approved (August 2005). Parts 2 and 3 are still under development.

SP 800-57 Part 1, Recommendation for Key Management - Part 1: General (Revised) contains general guidance and has been updated (March 2007).

Part 2 provides guidance for system and application owners to use in identifying appropriate organizational key management infrastructures, establishing organizational key management policies, and specifying organizational key management practices. Public comments are available for the Part 2 draft.

Part 3 is intended to provide guidance to system administrators on using cryptographic algorithms in specific applications, selecting products to satisfy specific operational environments, and configuring those products appropriately. An initial draft of the material in this part was included in the initial draft of the guideline.


Key Schemes

The Recommendation for Key Establishment Schemes is under development and has been divided into two parts. SP 800-56A has been updated (March 2007). SP 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography specifies key establishment schemes based on standards developed by the Accredited Standards Committee (ASC) X9, Inc.: ANS X9.42 (Agreement of Symmetric Keys Using Discrete Logarithm Cryptography) and ANS X9.63 (Key Agreement and Key Transport Using Elliptic Curve Cryptography).

SP 800-56B, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography, will specify key establishment schemes based on a standard developed by the Accredited Standards Committee (ASC) X9, Inc.: ANS X9.44 (Public-Key Cryptography for the Financial Services Industry: Key Establishment Using Integer Factorization Cryptography).

A specification is available for AES key wrapping.


Comments

NIST welcomes the submission of comments on this project at any time. Comments on the Key Management Guideline should be addressed to GuidelineComments@nist.gov. Comments on the Key Establishment Schemes document should be addressed to kmscomments@nist.gov.

Comments on the previous draft of the Recommendation for Key Management - Part 1.


Testing Products

Testing is not currently available for key management techniques.


Future Plans

NIST is considering what action to take with FIPS 171, since X9.17 has been withdrawn by ANSI.

Note: An algorithm or technique that is specified in either a FIPS or a NIST Recommendation.