NIST releases specs for crypto key establishment
- By William Jackson
- Sep 03, 2009
Approved algorithms such as the Advanced Encryption Standard (AES) and Triple DES provide strong cryptographic protection for sensitive data, but creating and sharing the secret keying material that makes them work can be a security challenge in its own right.
Keys can be manually distributed, but this scheme does not scale well, the National Institute of Standards and Technology says in its latest recommendations for handling cryptographic keys.
“As the number of entities using a system grows, the work involved in the distribution of the secret keying material grows rapidly,” NIST says in Special Publication 800-56B, titled Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography. “Therefore, it is essential to support the cryptographic algorithms used in modern U.S. Government applications with automated key establishment schemes.”
The publication gives specifications of key establishment schemes that are based on the ANS X9.44 standard, “Key Establishment Using Integer Factorization Cryptography.”
Cryptographic keys must be available both to the party encrypting data and to the party decrypting it. They can be established by both parties using a key establishment scheme in which the secret keying material is the result of contributions made by both parties, or a key transport scheme in which the sender creates the keying material and sends it, encrypted, to the receiver. The key agreement schemes described in this recommendation use asymmetric, or public-key, techniques. The key transport schemes use either public-key techniques or a combination of public key and symmetric key techniques.
The recommended are intended for use with NIST Special Publication 800-57 Part 1, “Recommendations for Key Management.” Although the specifications are based on the ANS X9.44 standard, where there are differences between the NIST recommendations and the standard the NIST recommendations take precedence for government applications. In general, the NIST recommendations are more restrictive than the standard.
The NIST recommendations include a more detailed level of validation testing, require a higher minimum strength for public keys, and allow the same key to be used both for key transport and for key agreement. For key-wrapping algorithms, NIST currently specifies only the AES algorithm. The recommendations also require a more stringent key confirmation that includes authentication of the party confirming the key.
William Jackson is freelance writer and the author of the CyberEye blog.