14 Key Management
In previous chapters, we discussed how cryptographic keys are used. More precisely, symmetric keys are mainly used for data encryption and decryption and for message authentication code (MAC) generation and verification. Private and public key pairs are mainly used for digital signature generation and verification, for shared secret generation, and for encryption and decryption of keys and data. In addition to those usages, this chapter discusses how existing keys may be used to derive new keys.
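The last sentence above, deriving new keys from an existing one, is the one point in this introduction that benefits from being seen in code. The following is an added example, not code from the chapter: it implements HKDF with HMAC-SHA-256 (RFC 5869, extract-then-expand) using only the Python standard library, checks it against the RFC's first published test vector, and then derives a separate encryption key and MAC key from one master key. The application name and the "encryption"/"mac" labels in the info strings are hypothetical; what matters is that each purpose gets its own label, so the two keys differ.

```python
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869, section 2.2): PRK = HMAC-Hash(salt, IKM).
    An empty salt is replaced by HashLen zero bytes, as the RFC specifies."""
    if not salt:
        salt = bytes(HASH_LEN)
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869, section 2.3):
    T(i) = HMAC-Hash(PRK, T(i-1) | info | i), OKM = T(1) | T(2) | ... truncated to length.
    The info argument provides domain separation: a different purpose label
    yields an unrelated output key from the same PRK."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF-Expand: requested length exceeds 255 * HashLen")
    okm = b""
    t = b""
    counter = 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        okm += t
        counter += 1
    return okm[:length]


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """Full HKDF: extract a PRK from the input keying material, then expand."""
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def rfc5869_test_case_1_passes() -> bool:
    """Self-check against RFC 5869, Appendix A, Test Case 1 (SHA-256, L = 42)."""
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    expected_prk = bytes.fromhex(
        "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5")
    expected_okm = bytes.fromhex(
        "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
        "34007208d5b887185865")
    return (hkdf_extract(salt, ikm) == expected_prk
            and hkdf_sha256(ikm, salt, info, 42) == expected_okm)


def derive_subkeys(master_key: bytes, session_id: bytes) -> dict:
    """Derive one 256-bit key per purpose from a single master key.
    session_id is used as the HKDF salt so that different sessions get
    different subkeys; the labels below are hypothetical application labels."""
    prk = hkdf_extract(session_id, master_key)
    return {
        "enc": hkdf_expand(prk, b"example-app/v1/encryption", 32),
        "mac": hkdf_expand(prk, b"example-app/v1/mac", 32),
    }


if __name__ == "__main__":
    # Constructed inputs: a fixed master key and session identifier for the demo.
    master = bytes(range(32))
    keys = derive_subkeys(master, b"session-0001")
    print("RFC 5869 test case 1:", "ok" if rfc5869_test_case_1_passes() else "FAIL")
    print("enc key:", keys["enc"].hex())
    print("mac key:", keys["mac"].hex())
    print("keys differ:", keys["enc"] != keys["mac"])
```

Two properties worth noting: the derivation is deterministic, so both parties holding the master key and the session identifier obtain the same subkeys without transmitting them, and a compromise of the encryption key does not reveal the MAC key, because HMAC is not invertible and the two labels place the keys in different HMAC inputs.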
Keys are owned and used by entities (e.g. devices, individuals, or organizations) that interact with other entities to conduct specific operations in different fields of activity (e.g. e-commerce, e-government services, e-health, etc.). These keys are analogous to the combination of a safe. If adversaries know the combination of a safe, the latter does not provide any security against attacks, even if it is very complex. Keys are among the most valuable items in computer security; thus, their protection (i.e. confidentiality, integrity, and availability) is of paramount importance. During its lifetime, a key is either in transit (i.e. exchanged between parties), in use (to encrypt, to decrypt, to sign, etc.), or in storage. Key protection shall address all those steps in the key lifecycle.
Key management provides the functions for the secure management of cryptographic keys throughout their lifetime. It mainly includes key generation, storage, distribution, ...