Cryptographic key types


Cryptographic key types

One of the most important aspects of any cryptographic system is key management; it is also the aspect which is most often neglected.[citation needed] A very common mistake is mixing different key types and reusing the same key for different purposes. An example with devastating consequences is the reuse of the same symmetric key for both symmetric authentication in CBC-MAC and symmetric data encryption in CBC encryption.

This page shows the classification of key types from the point of view of key management. In a key management system each key should be labeled with one such type and that key should never be used for a different purpose. According to NIST SP 800-57 the following types of keys exist:

Private signature key
Private signature keys are the private keys of asymmetric (public) key pairs that are used by public key algorithms to generate digital signatures with possible long-term implications. When properly handled, private signature keys can be used to provide authentication, integrity and non-repudiation.
Public signature verification key
A public signature verification key is the public key of an asymmetric (public) key pair that is used by a public key algorithm to verify digital signatures, either to authenticate a user's identity, to determine the integrity of the data, for non-repudiation, or a combination thereof.
Symmetric authentication key
Symmetric authentication keys are used with symmetric key algorithms to provide assurance of the integrity and source of messages, communication sessions, or stored data.
Private authentication key
A private authentication key is the private key of an asymmetric (public) key pair that is used with a public key algorithm to provide assurance as to the integrity of information, and the identity of the originating entity or the source of messages, communication sessions, or stored data.
Public authentication key
A public authentication key is the public key of an asymmetric (public) key pair that is used with a public key algorithm to determine the integrity of information and to authenticate the identity of entities, or the source of messages, communication sessions, or stored data.
Symmetric data encryption key
These keys are used with symmetric key algorithms to apply confidentiality protection to information.
Symmetric key wrapping key
Symmetric key wrapping keys are used to encrypt other keys using symmetric key algorithms. Key wrapping keys are also known as key encrypting keys.
Symmetric and asymmetric random number generation keys
These keys are keys used to generate random numbers.
Symmetric master key
A symmetric master key is used to derive other symmetric keys (e.g., data encryption keys, key wrapping keys, or authentication keys) using symmetric cryptographic methods.
Private key transport key
Private key transport keys are the private keys of asymmetric (public) key pairs that are used to decrypt keys that have been encrypted with the associated public key using a public key algorithm. Key transport keys are usually used to establish keys (e.g., key wrapping keys, data encryption keys or MAC keys) and, optionally, other keying material (e.g., initialization vectors).
Public key transport key
Public key transport keys are the public keys of asymmetric (public) key pairs that are used to encrypt keys using a public key algorithm. These keys are used to establish keys (e.g., key wrapping keys, data encryption keys or MAC keys) and, optionally, other keying material (e.g., Initialization Vectors).
Symmetric key agreement key
These symmetric keys are used to establish keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., Initialization Vectors) using a symmetric key agreement algorithm.
Private static key agreement key
Private static key agreement keys are the private keys of asymmetric (public) key pairs that are used to establish keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., Initialization Vectors).
Public static key agreement key
Public static key agreement keys are the public keys of asymmetric (public) key pairs that are used to establish keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., Initialization Vectors).
Private ephemeral key agreement key
Private ephemeral key agreement keys are the private keys of asymmetric (public) key pairs that are used only once to establish one or more keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., Initialization Vectors).
Public ephemeral key agreement key
Public ephemeral key agreement keys are the public keys of asymmetric key pairs that are used in a single key establishment transaction to establish one or more keys (e.g., key wrapping keys, data encryption keys, or MAC keys) and, optionally, other keying material (e.g., Initialization Vectors).
Symmetric authorization key
Symmetric authorization keys are used to provide privileges to an entity using a symmetric cryptographic method. The authorization key is known by the entity responsible for monitoring and granting access privileges for authorized entities and by the entity seeking access to resources.
Private authorization key
A private authorization key is the private key of an asymmetric (public) key pair that is used to provide privileges to an entity.
Public authorization key
A public authorization key is the public key of an asymmetric (public) key pair that is used to verify privileges for an entity that knows the associated private authorization key.

See also


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Glossary of cryptographic key types — This glossary lists types of keys as the term is used in cryptography, as opposed to door locks. Terms that are primarily used by the U.S. National Security Agency are marked (NSA). For classification of keys according to their usage see… …   Wikipedia

  • List of cryptographic key types — This glossary lists types of keys as the term is used in cryptography, as opposed to door locks. Terms that are primarily used by the U.S. National Security Agency are marked (NSA) . For classification of keys according to their usage see… …   Wikipedia

  • Key management — is a term used to describe two different fields; (1) cryptography, and (2) physical key management (or electronic key management) within building or campus access control.In cryptography, key management includes all of the provisions made in a… …   Wikipedia

  • Key (cryptography) — In cryptography, a key is a piece of information (a parameter) that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the… …   Wikipedia

  • Key size — In cryptography, key size or key length is the size measured in bits[1] of the key used in a cryptographic algorithm (such as a cipher). An algorithm s key length is distinct from its cryptographic security, which is a logarithmic measure of the… …   Wikipedia

  • Key disclosure law — Key disclosure laws, also known as mandatory key disclosure, is legislation that require individuals to surrender cryptographic keys to law enforcement. The purpose is to allow access to material for confiscation or digital forensics purposes and …   Wikipedia

  • Cryptographic hash function — A cryptographic hash function (specifically, SHA 1) at work. Note that even small changes in the source input (here in the word over ) drastically change the resulting output, by the so called avalanche effect. A cryptographic hash function is a… …   Wikipedia

  • Cryptographic protocol — A security protocol (cryptographic protocol or encryption protocol) is an abstract or concrete protocol that performs a security related function and applies cryptographic methods. A protocol describes how the algorithms should be used. A… …   Wikipedia

  • Ephemeral key — A cryptographic key is called ephemeral if it is generated for each execution of a key establishment process. In some cases ephemeral keys are used more than once, within a single session (e.g., in broadcast applications) where the sender… …   Wikipedia

  • Static key — A key is called static if it is intended for use for a relatively long period of time and is typically intended for use in many instances of a cryptographic key establishment scheme. Contrast with an ephemeral key.ee also* Cryptographic key types …   Wikipedia


Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”

We are using cookies for the best presentation of our site. Continuing to use this site, you agree with this.