Key management manages the keys needed for cryptographic procedures. They can be symmetric or asymmetric keys. The tasks of key management include the generation, storage, exchange, and protection of keys.
What is key management?
Alternative terms for key management are encryption key management or simply key management. Key management takes care of the administration of the asymmetric or symmetric keys needed for the encryption procedures. The security of encrypted communications or encrypted data is directly dependent on key management. It ensures the secrecy of the keys and checks them for authenticity.
Large numbers of keys can be generated, stored, provisioned, exchanged, and protected by key management. IT solutions for automated key management replace error-prone manual management procedures. They are audit-proof and offer high security and availability.
In asymmetric encryption processes with public and private keys, key management ensures that public keys actually belong to the specified person or application and the private key. Verification is performed by a trusted authority such as a Certification Authority (CA) or a Trust Center (TC).
In principle, a distinction can be made between decentralized and centralized key management. Among other things, the ITU-T standard X.509 describes certificate and key management procedures using a public key infrastructure (PKI). The Key Management Interoperability Protocol (KMIP) is a standardized protocol for communicating with key management systems.
Key management objectives
The goals of key management are:
- Management and control of all required encryption keys
- Secure management of a large number of keys
- Security of the keys against unauthorized access and hacking attacks
- Access to the keys with high availability for authorized persons
- Support of different procedures, applications, standards, and key types
- Adherence to legal requirements and compliance guidelines
Elementary functions of key management
The most important functions of key management are:
- Generation of cryptographic keys
- Secure storage of cryptographic keys
- Provision of cryptographic keys
- Secure transmission of cryptographic keys
- Withdrawal of invalid or compromised cryptographic keys
- Secure destruction of invalid or compromised cryptographic keys
- Secure communication with cryptographic applications
- Key management for the different key types
Cryptographic procedures use different key types. Depending on the procedure, symmetric or asymmetric procedures are used. Key management must be able to securely manage different key types. Symmetric keys are used for both encryption and decryption. They must be protected from unauthorized access under all circumstances and must be communicated to users or communication partners via secure procedures.
Asymmetric encryption methods use private and public keys that belong together. The public key associated with a private key can be used by anyone. Key management must ensure that the affiliation of a public key to the owner of the private key is proven beyond doubt. Digital certificates are used in the X.509 standard to confirm the identity and other properties of public cryptographic keys.
The KMIP key management protocol
The Key Management Interoperability Protocol, abbreviated KMIP, is a communication protocol standardized by OASIS (Organization for the Advancement of Structured Information Standards) that enables applications and systems to exchange information securely with key management systems. It allows the realization of centralized key management.