
Key Management

About Key Management

Generally speaking, there are two types of key establishment techniques: 1) techniques based on asymmetric (public key) algorithms, and 2) techniques based on symmetric (secret key) algorithms. Hybrid techniques are also common: public key techniques are used to establish a symmetric (secret) key-encrypting key, which is then used to establish (for example, by wrapping) other symmetric keys.

Key Management Project

In 1997, NIST announced plans to develop a public key-based key management standard and solicited comments from the public. An initial public workshop was announced to discuss the security and interoperability requirements of the Federal Government and private industry, and the many techniques and options available. The first workshop was held in 2000. A white paper was subsequently developed that discusses the development process and provides a preliminary schedule. A second workshop was held in 2001 to discuss initial drafts of a Key Management Guideline and a Key Schemes document.

April 13, 2009: NIST announced a Key Management Workshop. For more information see the workshop homepage.

Key Management Guideline

The Key Management Guideline is under development and has been divided into three parts. Part 1 has been approved (August 2005). Parts 2 and 3 are still under development.

SP 800-57 Part 1, Recommendation for Key Management - Part 1: General (Revised) contains general guidance and has been updated (March 2007).

SP 800-57 Part 2, Recommendation for Key Management - Part 2: Best Practices for Key Management Organizations provides guidance for system and application owners for use in identifying appropriate organizational key management infrastructures, establishing organizational key management policies, and specifying organizational key management practices. Public comments on the Part 2 draft are available.

SP 800-57, Part 3 DRAFT, Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance. NIST announces the release of a draft of Part 3 of Special Publication 800-57. This Recommendation provides guidance on using the cryptographic features of current systems. It is intended to help system administrators and system installers adequately secure applications based on product availability and organizational needs, and to support organizational decisions about future procurements. The guide also provides information for end users regarding the application options left under their control in normal use of the application. Recommendations are given for a select set of applications, namely PKI, IPsec, TLS, S/MIME, Kerberos, OTAR, DNSSEC and Encrypted File Systems. Other topics will be added at a later time, and commenters are invited to suggest such topics. Please submit comments to ebarker@nist.gov with "Comments on Draft 800-57, Part 3" in the subject line. The comment period closes on January 16, 2009.

Key Schemes

The Recommendation for Key Establishment Schemes is under development and has been divided into two parts. SP 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, was updated in March 2007. It specifies key agreement schemes (Diffie-Hellman and MQV, over finite fields and over elliptic curves) based on standards developed by the Accredited Standards Committee (ASC) X9, Inc.: ANS X9.42 (Agreement of Symmetric Keys Using Discrete Logarithm Cryptography) and ANS X9.63 (Key Agreement and Key Transport Using Elliptic Curve Cryptography).

December 10, 2008: NIST requests comments on Draft SP 800-56B, Recommendation for Pair-Wise Key Establishment Using Integer Factorization Cryptography. This Recommendation specifies asymmetric key agreement and key transport schemes based on the Rivest-Shamir-Adleman (RSA) algorithm. Please provide comments to ebarker@nist.gov by February 12, 2009, with "Comments on SP 800-56B" in the subject line.

A specification is also available for AES key wrapping, in which a symmetric key-encrypting key protects the confidentiality and integrity of other keys (for example, the symmetric keys established in the hybrid technique described above).

Comments

NIST welcomes the submission of comments on this project at any time. Comments on the Key Management Guideline should be addressed to GuidelineComments@nist.gov. Comments on the Key Establishment Schemes document should be addressed to kmscomments@nist.gov.

Comments on the previous draft of the Recommendation for Key Management - Part 1 are also available.

Testing Products

Testing is not currently available for key management techniques.

Future Plans

NIST is considering what action to take with FIPS 171 (Key Management Using ANSI X9.17), since ANSI has withdrawn X9.17.

Note: An algorithm or technique that is either specified in a FIPS or NIST Recommendation.