Key management is the management of cryptographic keys in a cryptosystem.

This i
ncludes dealing with the generation, exchange, storage, use, and replacement of
keys. It includes cryptographic protocol design, key servers, user procedures, a
nd other relevant protocols.
Key management concerns keys at the user level, either between users or systems.
This is in contrast to key scheduling; key scheduling typically refers to the i
nternal handling of key material within the operation of a cipher.
Successful key management is critical to the security of a cryptosystem. In prac
tice it is arguably the most difficult aspect of cryptography because it involve
s system policy, user training, organizational and departmental interactions, an
d coordination between all of these elements.
Types of keys[edit]
Main article: Cryptographic key types
Cryptographic systems may use different types of keys, with some systems using m
ore than one. These may include symmetric keys or asymmetric keys. In a symmetri
c key algorithm the keys involved are identical for both encrypting and decrypti
ng a message. Keys must be chosen carefully, and distributed and stored securely
. Asymmetric keys, in contrast, are two distinct keys that are mathematically li
nked. They are typically used in conjunction to communicate.
Key exchange[edit]
Prior to any secured communication, users must set up the details of the cryptog
raphy. In some instances this may require exchanging identical keys (in the case
of a symmetric key system). In others it may require possessing the other party
's public key. While public keys can be openly exchanged (their corresponding pr
ivate key is kept secret), symmetric keys must be exchanged over a secure commun
ication channel. Formerly, exchange of such a key was extremely troublesome, and
was greatly eased by access to secure channels such as a diplomatic bag. Clear
text exchange of symmetric keys would enable any interceptor to immediately lear
n the key, and any encrypted data.
The advance of public key cryptography in the 1970s has made the exchange of key
s less troublesome. Since the Diffie-Hellman key exchange protocol was published
in 1975, it has become possible to exchange a key over an insecure communicatio
ns channel, which has substantially reduced the risk of key disclosure during di
stribution. It is possible, using something akin to a book code, to include key
indicators as clear text attached to an encrypted message. The encryption techni
que used by Richard Sorge's code clerk was of this type, referring to a page in
a statistical manual, though it was in fact a code. The German Army Enigma symme
tric encryption key was a mixed type early in its use; the key was a combination
of secretly distributed key schedules and a user chosen session key component f
or each message.
In more modern systems, such as OpenPGP compatible systems, a session key for a
symmetric key algorithm is distributed encrypted by an asymmetric key algorithm.
This approach avoids even the necessity for using a key exchange protocol like
Diffie-Hellman key exchange.
Another method of key exchange involves encapsulating one key within another. Ty
pically a master key is generated and exchanged using some secure method. This m
ethod is usually cumbersome or expensive (breaking a master key into multiple pa
rts and sending each with a trusted courier for example) and not suitable for us
e on a larger scale. Once the master key has been securely exchanged, it can the
n be used to securely exchange subsequent keys with ease. This technique is usua
lly termed Key Wrap. A common technique uses Block ciphers and cryptographic has
h functions.[1]
A related method is to exchange a master key (sometimes termed a root key) and d
erive subsidiary keys as needed from that key and some other data (often referre
d to as diversification data). The most common use for this method is probably i
n SmartCard based cryptosystems, such as those found in banking cards. The bank
or credit network embeds their secret key into the card's secure key storage dur
ing card production at a secured production facility. Then at the Point of sale
the card and card reader are both able to derive a common set of session keys ba
sed on the shared secret key and card-specific data (such as the card serial num
ber). This method can also be used when keys must be related to each other (i.e.
, departmental keys are tied to divisional keys, and individual keys tied to dep
artmental keys). However, tying keys to each other in this way increases the dam
age which may result from a security breach as attackers will learn something ab
out more than one key. This reduces entropy, with regard to an attacker, for eac
h key involved.
Key storage[edit]
However distributed, keys must be stored securely to maintain communications sec
urity. There are various techniques in use to do so. Likely the most common is t
hat an encryption application manages keys for the user and depends on an access
password to control use of the key.
Key use[edit]
The major issue is length of key use, and therefore frequency of replacement. Be
cause it increases any attacker's required effort, keys should be frequently cha
nged. This also limits loss of information, as the number of stored encrypted me
ssages which will become readable when a key is found will decrease as the frequ
ency of key change increases. Historically, symmetric keys have been used for lo
ng periods in situations in which key exchange was very difficult or only possib
le intermittently. Ideally, the symmetric key should change with each message or
interaction, so that only that message will become readable if the key is learn
ed (e.g., stolen, cryptanalyzed, or social engineered).
Public Key Infrastructure (PKI)[edit]
Main article: Public Key Infrastructure
A public key infrastructure is a type of key management system that uses hierarc
hical digital certificates to provide authentication, and public keys to provide
encryption. PKIs are used in World Wide Web traffic, commonly in the form of SS
L and TLS.
Enterprise Key and Certificate Management (EKCM)[edit]
The starting point in any certificate and private key management strategy is to
create a comprehensive inventory of all certificates, their locations and respon
sible parties. This is not a trivial matter because certificates from a variety
of sources are deployed in a variety of locations by different individuals and t
eams - it's simply not possible to rely on a list from a single certificate auth
ority. Certificates that are not renewed and replaced before they expire can cau
se serious downtime and outages. Some other considerations:
Regulations and requirements, like PCI-DSS, demand stringent security and manage
ment of cryptographic keys and auditors are increasingly reviewing the managemen
t controls and processes in use.
Private keys used with certificates must be kept secure or unauthorised individu
als can intercept confidential communications or gain unauthorised access to cri
tical systems. Failure to ensure proper segregation of duties means that admins
who generate the encryption keys can use them to access sensitive, regulated dat
a.
If a certificate authority is compromised or an encryption algorithm is broken,
organizations must be prepared to replace all of their certificates and keys in
a matter of hours.
Multicast Group Key Management[edit]
Group Key Management means managing the keys in a group communication. Most of t
he group communications use multicast communication so that if the message is se
nt once by the sender, it will be received by all the users. The main problem in
multicast group communication is its security. In order to improve the security
, various keys are given to the users. Using the keys, the users can encrypt the
ir messages and send them secretly.
Challenges of Key Management[edit]
Several challenges IT organizations face when trying to control and manage their
encryption keys are:
Complex Management: Managing a plethora of encryption keys in the millions.
Security Issues: Vulnerability of keys from outside hackers/malicious insiders.
Data Availability: Ensuring data accessibility for authorized users.
Scalability: Supporting multiple databases, applications and standards.
Governance: Defining policy driven, access, control and protection for data.[2]
Types of Key Management Systems[edit]
There are two types of key management systems
Integrated Key Management System
Third-Party Key Management System[3]
Key management solution[edit]
A key management solution (KMS) is an integrated approach for generating, distri
buting and managing cryptographic keys for devices and applications. Compared to
the term key management, a KMS is tailored to specific use-cases such as secure
software update or machine-to-machine communication. In an holistic approach, i
t covers all aspects of security - from the secure generation of keys over the s
ecure exchange of keys up to secure key handling and storage on the client. Thus
, a KMS includes the backend functionality for key generation, distribution, and
replacement as well as the client functionality for injecting keys, storing and
managing keys on devices. With the Internet of Things, KMS become a crucial par
t for the security of connected devices.
Key Management Systems[edit]
The following list of key management systems exist commercially or as open sourc
e:
Bell ID Key Manager[4]
Cryptsoft KMIP C and Java Servers[5]
Gazzang zTrustee[6]
HP Enterprise Secure Key Manager[7]
IBM Distributed Key Management System (DKMS)[8]
IBM Enterprise Key Management Foundation[9]
IBM Tivoli Key Lifecycle Manager[10]
KEYper Systems[11]
Keytracker Ltd[12]
Oracle Key Manager[13]
Porticor Virtual Private Data[14]
QuintessenceLabs Key Manager[15]
RSA Data Protection Manager[16]
Safenet Enterprise Key Management[17]
SSH Communications Security Universal SSH Key Manager [18]
StrongKey[19] - open source, but not updated on Sourceforge since 2009
Thales Key Management[20]
Townsend Security Alliance Key Manager[21]
Unitech Power Technology Co.[22]
Venafi Trust Protection Platform[23]