A cryptographic key is a string of data that is used to lock or unlock cryptographic functions, including authentication, authorization and encryption. Cryptographic keys are grouped into cryptographic key types according to the functions they perform.


Description

Consider a keyring that contains a variety of keys. They may come in different shapes and sizes, but each generally serves a separate purpose: one key starts an automobile, another opens a safe deposit box, and neither works in the other's lock. Cryptographic key types work the same way. A cryptographic key is categorized according to how it will be used and what properties it has. For example, a key might be symmetric, public or private, and a public key and its private counterpart may be grouped together as an asymmetric key pair.


Asymmetric versus symmetric keys

Asymmetric keys differ from symmetric keys in that the algorithms use separate keys for encryption and decryption, while a symmetric-key algorithm uses a single key for both. Asymmetric algorithms are considerably slower than symmetric ones, so in practice they are used to establish or protect symmetric keys rather than to encrypt bulk data. Their advantage is not greater strength as such but key distribution: a symmetric key has to be transmitted to the receiver, and during that transmission it can be intercepted or tampered with. With an asymmetric key pair, the public key can be published and passed around freely, while the private key stays in one place and is never transmitted, so it cannot be intercepted in transit. Anyone can encrypt a message with the receiver's public key, but only the receiver, who holds the corresponding private key, can decrypt it; conversely, a sender can sign data with a private key, and anyone holding the matching public key can verify that the data came from that sender and has not been altered. Asymmetric keys are therefore suited to transmitting confidential messages and to authenticating the origin and integrity of data.


Long term versus single use

Keys are also classified by how long they are used: for long-term (static, archived) use, or for a single session (ephemeral). The ephemeral category applies mainly to ephemeral key agreement keys. Most other key types are designed to last for long crypto-periods of about one to two years. Where a shorter crypto-period is intended, other key types may be used, such as data encryption keys, symmetric authentication keys, private key transport keys, key wrapping keys, authorization keys or RNG keys.
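As an added example (not part of the original article), the following Go program puts the two distinctions above together: each party holds a static signature key pair for the long term, and generates a fresh ephemeral key agreement key pair for every session, signing the public half so the peer can tell a genuine ephemeral key from one substituted in transit. Only public values cross the wire; each side combines its own ephemeral private key with the peer's ephemeral public key (ECDH on P-256 from Go's standard library) and hashes the result into a symmetric session key, the key that would then protect the bulk data. The party names, the `Offer` message format and the use of a plain SHA-256 hash as the key derivation step are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Party holds a long-term (static) signature key pair; ephemeral key agreement keys are made per session.
type Party struct {
	Name    string
	SigPub  *ecdsa.PublicKey  // public signature verification key: safe to publish
	sigPriv *ecdsa.PrivateKey // private signature key: never leaves this process
}

func NewParty(name string) (*Party, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, SigPub: &priv.PublicKey, sigPriv: priv}, nil
}

// Offer is the only thing a party sends: its public ephemeral key agreement key,
// signed with its static private signature key (message format assumed for this example).
type Offer struct {
	EphemeralPub []byte
	Sig          []byte
}

func offerDigest(name string, pub []byte) []byte {
	d := sha256.Sum256(append([]byte(name+"|"), pub...))
	return d[:]
}

// NewOffer generates a fresh P-256 ephemeral key pair; the private half serves this one session only.
func (p *Party) NewOffer() (*ecdh.PrivateKey, *Offer, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	pub := eph.PublicKey().Bytes()
	sig, err := ecdsa.SignASN1(rand.Reader, p.sigPriv, offerDigest(p.Name, pub))
	if err != nil {
		return nil, nil, err
	}
	return eph, &Offer{EphemeralPub: pub, Sig: sig}, nil
}

// DeriveSessionKey verifies the peer's signature, then combines the peer's ephemeral
// public key with our ephemeral private key. Using SHA-256 of the raw ECDH output as
// the KDF is an assumption of this example; a real protocol would run HKDF with context.
func DeriveSessionKey(mine *ecdh.PrivateKey, peerName string, peerSigPub *ecdsa.PublicKey, peer *Offer) ([]byte, error) {
	if !ecdsa.VerifyASN1(peerSigPub, offerDigest(peerName, peer.EphemeralPub), peer.Sig) {
		return nil, fmt.Errorf("signature on %s's ephemeral key does not verify", peerName)
	}
	peerPub, err := ecdh.P256().NewPublicKey(peer.EphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := mine.ECDH(peerPub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	return key[:], nil
}

// RunSession performs one exchange between a and b and returns the key each side derived.
func RunSession(a, b *Party) (keyA, keyB []byte, err error) {
	ephA, offerA, err := a.NewOffer()
	if err != nil {
		return nil, nil, err
	}
	ephB, offerB, err := b.NewOffer()
	if err != nil {
		return nil, nil, err
	}
	// Only the offers and the static verification keys cross the wire; ephA and ephB stay local.
	if keyA, err = DeriveSessionKey(ephA, b.Name, b.SigPub, offerB); err != nil {
		return nil, nil, err
	}
	if keyB, err = DeriveSessionKey(ephB, a.Name, a.SigPub, offerA); err != nil {
		return nil, nil, err
	}
	return keyA, keyB, nil
}

func main() {
	alice, _ := NewParty("alice")
	bob, _ := NewParty("bob")
	k1a, k1b, _ := RunSession(alice, bob)
	k2a, _, _ := RunSession(alice, bob) // same static keys, fresh ephemeral keys
	fmt.Printf("keys agree: %t, next session differs: %t\n", bytes.Equal(k1a, k1b), !bytes.Equal(k1a, k2a))
}
```

Running two sessions between the same parties yields two different session keys, which is what single use buys: the static signature keys identify the parties across sessions, while an ephemeral key that leaks exposes nothing about any other session. A signature check failure, whether from a modified ephemeral public key or from an offer signed under the wrong static key, aborts the derivation before any shared secret is computed.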


Key types

This page shows the classification of key types from the point of view of key management. In a key management system, each key should be labeled with one such type, and that key should never be used for a different purpose. According to NIST SP 800-57 (Revision 4) the following types of keys exist:

* Private signature key: the private key of an asymmetric (public) key pair, used by a public key algorithm to generate digital signatures with possible long-term implications. When properly handled, private signature keys can be used to provide authentication, integrity and non-repudiation.
* Public signature verification key: the public key of an asymmetric key pair, used by a public key algorithm to verify digital signatures, either to authenticate a user's identity, to determine the integrity of the data, for non-repudiation, or a combination thereof.
* Symmetric authentication key: used with symmetric key algorithms to provide assurance of the integrity and source of messages, communication sessions, or stored data.
* Private authentication key: the private key of an asymmetric key pair, used with a public key algorithm to provide assurance as to the integrity of information and the identity of the originating entity or the source of messages, communication sessions, or stored data.
* Public authentication key: the public key of an asymmetric key pair, used with a public key algorithm to determine the integrity of information and to authenticate the identity of entities, or the source of messages, communication sessions, or stored data.
* Symmetric data encryption key: used with symmetric key algorithms to apply confidentiality protection to information.
* Symmetric key wrapping key: used to encrypt other keys using symmetric key algorithms. Key wrapping keys are also known as key encrypting keys.
* Symmetric and asymmetric random number generation keys: keys used to generate random numbers.
* Symmetric master key: used to derive other symmetric keys (e.g., data encryption keys, key wrapping keys, or authentication keys) using symmetric cryptographic methods.
* Private key transport key: the private key of an asymmetric key pair, used to decrypt keys that have been encrypted with the associated public key using a public key algorithm. Key transport keys are usually used to establish keys (e.g., key wrapping keys, data encryption keys or MAC keys) and, optionally, other keying material (e.g., initialization vectors).
* Public key transport key: the public key of an asymmetric key pair, used to encrypt keys using a public key algorithm. These keys are used to establish keys (e.g., key wrapping keys, data encryption keys or MAC keys) and, optionally, other keying material (e.g., initialization vectors).
* Symmetric key agreement key: a symmetric key used to establish keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., initialization vectors) using a symmetric key agreement algorithm.
* Private static key agreement key: the private key of an asymmetric key pair, used to establish keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., initialization vectors).
* Public static key agreement key: the public key of an asymmetric key pair, used to establish keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., initialization vectors).
* Private ephemeral key agreement key: the private key of an asymmetric key pair, used only once to establish one or more keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., initialization vectors).
* Public ephemeral key agreement key: the public key of an asymmetric key pair, used in a single key establishment transaction to establish one or more keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., initialization vectors).
* Symmetric authorization key: used to provide privileges to an entity using a symmetric cryptographic method. The authorization key is known by the entity responsible for monitoring and granting access privileges for authorized entities and by the entity seeking access to resources.
* Private authorization key: the private key of an asymmetric key pair, used to provide privileges to an entity.
* Public authorization key: the public key of an asymmetric key pair, used to verify privileges for an entity that knows the associated private authorization key.
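The rule behind this list, that each key is labeled with one type and never used for another, can be enforced in code rather than by convention. The following Go example (added here; it is neither the article's nor NIST's code) models a small symmetric key hierarchy from the list above: a symmetric master key derives a data encryption key, a key wrapping key and an authentication key, the key wrapping key wraps the data encryption key, and any attempt to use a key outside its labeled purpose is refused. The `KeyType` names, the `Key` record and the `Require` gate are assumptions of the example; HKDF-Expand is written out over HMAC-SHA-256 to stay within the standard library, and AES-GCM stands in for the AES Key Wrap mechanism NIST specifies in SP 800-38F.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// KeyType labels a key with the single purpose it may serve, using the SP 800-57
// names from this page (only the symmetric types this example needs).
type KeyType int

const (
	SymmetricMasterKey KeyType = iota
	SymmetricDataEncryptionKey
	SymmetricKeyWrappingKey
	SymmetricAuthenticationKey
)

var keyTypeNames = []string{"symmetric master key", "symmetric data encryption key",
	"symmetric key wrapping key", "symmetric authentication key"}

func (t KeyType) String() string { return keyTypeNames[t] }

// Key is a typed key record; every use goes through Require, so a key labeled
// for one purpose is refused for any other.
type Key struct {
	Type  KeyType
	Bytes []byte
}

func (k *Key) Require(t KeyType) ([]byte, error) {
	if k.Type != t {
		return nil, fmt.Errorf("key type mismatch: have %s, need %s", k.Type, t)
	}
	return k.Bytes, nil
}

// Derive produces a typed 256-bit subordinate key from a symmetric master key
// with HKDF-Expand (RFC 5869, HMAC-SHA-256), written out to stay in the standard
// library; for 32 bytes that is the single block T(1) = HMAC(PRK, info || 0x01),
// with the master key as PRK and the key type as info, so types are independent.
func Derive(master *Key, t KeyType) (*Key, error) {
	prk, err := master.Require(SymmetricMasterKey)
	if err != nil {
		return nil, err
	}
	m := hmac.New(sha256.New, prk)
	m.Write([]byte(t.String()))
	m.Write([]byte{1})
	return &Key{Type: t, Bytes: m.Sum(nil)}, nil
}

// aeadFor keys AES-256-GCM with a key wrapping key (a stand-in here for SP 800-38F AES Key Wrap).
func aeadFor(kwk *Key) (cipher.AEAD, error) {
	k, err := kwk.Require(SymmetricKeyWrappingKey)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Wrap encrypts a data encryption key under a key wrapping key, binding the
// wrapped key's type as associated data; the random nonce is prepended.
func Wrap(kwk, dek *Key) ([]byte, error) {
	raw, err := dek.Require(SymmetricDataEncryptionKey)
	if err != nil {
		return nil, err
	}
	aead, err := aeadFor(kwk)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, raw, []byte(dek.Type.String())), nil
}

// Unwrap reverses Wrap and labels the recovered key as a DEK again.
func Unwrap(kwk *Key, wrapped []byte) (*Key, error) {
	aead, err := aeadFor(kwk)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(wrapped) < n {
		return nil, fmt.Errorf("wrapped key too short")
	}
	raw, err := aead.Open(nil, wrapped[:n], wrapped[n:], []byte(SymmetricDataEncryptionKey.String()))
	if err != nil {
		return nil, err
	}
	return &Key{Type: SymmetricDataEncryptionKey, Bytes: raw}, nil
}
```

With a master key in hand, `Derive` yields a distinct DEK, KWK and authentication key, `Wrap(kwk, dek)` produces a blob that only the KWK can open, and `Wrap(dek, dek)` or `Derive(kwk, ...)` fails at the `Require` gate because the key's label does not match the requested use. A real key management system would record the cryptoperiod and state of each key alongside its type, and the same gate is where a key past its cryptoperiod would be rejected.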




External links

* ''Recommendation for Key Management — Part 1: General'', NIST Special Publication 800-57
* NIST ''Cryptographic Toolkit''