What is Encryption Key Management?
Encryption key administration is administering the full lifecycle of cryptographic keys. This includes: generating, using, storing, archiving, and also deleting of keys. Protection of the encryption secrets consists of limiting access to the keys physically, logically, and also through user/role accessibility.
You are watching: What term best represents the resiliency of a cryptographic key to attacks?
|Click right here to view this ePublication offline|
“The proper management of cryptographic secrets is essential to the effective usage of cryptography for security. Keys are analogous to the combicountry of a safe. If a safe combicountry is known to an devil, the strongest safe gives no security versus penetration. Similarly, poor key management may quickly damage strong algorithms.” ~ NIST Recommendation for Key Management
NIST’s statement paints a precise photo. Like a safe’s combicountry, your encryption secrets are only as excellent as the defense you usage to protect them. There is a whole physical and digital cryptosystem that have to be must be accounted for and each key’s complete lifecycle. Therefore, a robust encryption key management system and also policies includes:Key lifecycle: essential generation, pre-activation, activation, expiration, post-activation, escrow, and destructionPhysical accessibility to the essential server(s)Logical access to the essential server(s)User/Role access to the encryption keys
Let’s gain started via a brief overwatch of the types of encryption keys.
^Back to Top
Types of Encryption Keys
See more: Which Of The Following Statements Concerning Users Of Accounting Information Is Incorrect?
Now that we have actually the interpretations in area, below is a step by action instance of just how an authorized user accesses encrypted data:A user researches to accessibility encrypted naipublishers.comrmation.The database, application, file system, or storage then sends out a DEK retrieval repursuit to the client (KM API).Next off, the client (KM API) and also KM verify each other’s certificates:The client (KM API) sends a certificate to the KM for verification.The KM then checks the certificate versus the CA for authentication.Once the client (KM API) certificate has actually been showed, the KM then sends its certificate to the KM API for authentication and acceptance.Once the certificates have actually been accepted, a secure TLS connection is establimelted in between the client (KM API) and the KM.The KM then decrypts the requested DEK via the KEKThe KM sends the DEK to the client (KM API) over the encrypted TLS session.The KM API then sends the DEK to the database, application, file system, or storage.The database (may) cache the DEK in temporary secure memory.The database, application, file mechanism, or storage then sends the plaintext naipublishers.comrmation to the user.Asymmetric Key Systems