FAQs

Key Management FAQ

Cryptographic key management (CKM) is the management of cryptographic keys in a cryptosystem. This includes dealing with the generation, creation, protection, exchange, storage, use, crypto-shredding (destruction) and replacement of keys. It enables selective restriction for certain keys and also involves the monitoring and recording of each key’s access, use and context.

CKM has been identified as a major component of various national cyber security initiatives that address the protection of information processing applications. Numerous issues have been identified in current key management methodologies that need to be addressed, including the lack of technical and operational CKM guidance, the poor scalability of the methods used to distribute cryptographic keys, and the general lack of user-friendliness of these methods. This project is intended to identify the inadequacies of the current key management methodologies, and to assist in making a transition to more useful and appropriate key management methods. 

Cryptography is a fundamental and integral component for protecting information during communications and in some data storage media. Cryptographic technology includes, but is not limited to, data encryption algorithms, digital signature algorithms, data authentication algorithms, communication protocols to utilize and support these algorithms, and cryptographic key management. CKM includes the policies for selecting appropriate key generation/establishment algorithms and key sizes, the key establishment schemes and protocols to utilize and support the distribution of keys, the protection and maintenance of keys and related data, and the integration of key management with cryptographic technology to provide the required type and level of protection specified by the overall security policy of an organization. Cryptographic Key Management Systems are the components of CKM that are automated to perform the services required in creating, distributing, and managing keys used in all cryptographic applications.

A cryptographic key is a string of bits used by a cryptographic algorithm to transform plaintext into ciphertext or vice versa. A secret or private key must remain private to ensure secure communication. The cryptographic key is the core part of any cryptographic operation.

Private signature key

Private signature keys are the private keys of asymmetric (public) key pairs that are used by public key algorithms to generate digital signatures with possible long-term implications. When properly handled, private signature keys can be used to provide authentication, integrity and non-repudiation.

Public signature verification key

A public signature verification key is the public key of an asymmetric key pair that is used by a public key algorithm to verify digital signatures, either to authenticate a user’s identity, to determine the integrity of the data, for non-repudiation, or a combination thereof.

Symmetric authentication key

Symmetric authentication keys are used with symmetric key algorithms to provide assurance of the integrity and source of messages, communication sessions, or stored data.

Private authentication key

A private authentication key is the private key of an asymmetric key pair that is used with a public key algorithm to provide assurance as to the integrity of information, and the identity of the originating entity or the source of messages, communication sessions, or stored data.

Public authentication key

A public authentication key is the public key of an asymmetric key pair that is used with a public key algorithm to determine the integrity of information and to authenticate the identity of entities, or the source of messages, communication sessions, or stored data.

Symmetric data encryption key

These keys are used with symmetric key algorithms to apply confidentiality protection to information.

Symmetric key wrapping key

Symmetric key wrapping keys are used to encrypt other keys using symmetric key algorithms. Key wrapping keys are also known as key encrypting keys.

Symmetric and asymmetric random number generation keys

These are keys used to generate random numbers.

Symmetric master key

A symmetric master key is used to derive other symmetric keys (e.g., data encryption keys, key wrapping keys, or authentication keys) using symmetric cryptographic methods.

Private key transport key

Private key transport keys are the private keys of asymmetric key pairs that are used to decrypt keys that have been encrypted with the associated public key using a public key algorithm. Key transport keys are usually used to establish keys (e.g., key wrapping keys, data encryption keys or MAC keys) and, optionally, other keying material (e.g., initialization vectors).

Public key transport key

Public key transport keys are the public keys of asymmetric key pairs that are used to encrypt keys using a public key algorithm. These keys are used to establish keys (e.g., key wrapping keys, data encryption keys or MAC keys) and, optionally, other keying material (e.g., Initialization Vectors).

Symmetric key agreement key

These symmetric keys are used to establish keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., Initialization Vectors) using a symmetric key agreement algorithm.

Private static key agreement key

Private static key agreement keys are the private keys of asymmetric key pairs that are used to establish keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., Initialization Vectors).

Public static key agreement key

Public static key agreement keys are the public keys of asymmetric key pairs that are used to establish keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., Initialization Vectors).

Private ephemeral key agreement key

Private ephemeral key agreement keys are the private keys of asymmetric key pairs that are used only once to establish one or more keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., Initialization Vectors).

Public ephemeral key agreement key

Public ephemeral key agreement keys are the public keys of asymmetric key pairs that are used in a single key establishment transaction to establish one or more keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., Initialization Vectors).

Symmetric authorization key

Symmetric authorization keys are used to provide privileges to an entity using a symmetric cryptographic method. The authorization key is known by the entity responsible for monitoring and granting access privileges for authorized entities and by the entity seeking access to resources.

Private authorization key

A private authorization key is the private key of an asymmetric key pair that is used to provide privileges to an entity.

Public authorization key

A public authorization key is the public key of an asymmetric key pair that is used to verify privileges for an entity that knows the associated private authorization key.

The key used to encrypt the DEK is stored on a separate server and is called the Key Encryption Key (KEK). So every time data is to be encrypted or decrypted, the KEK is first used to decrypt the stored en_dek, which yields the actual DEK; that DEK is then used to encrypt or decrypt the user’s data.