What is Encryption Key Management?
Encryption vital management is administering the full lifecycle of cryptographic keys. This includes: generating, using, storing, archiving, and also deleting of keys. Protection of the encryption secrets contains limiting access to the tricks physically, logically, and also with user/function accessibility.
You are watching: Which option below is not one of the recommended practices for maintaining a keyed padlock?
|Click here to view this ePublication offline|
“The proper administration of cryptographic secrets is essential to the efficient usage of cryptography for protection. Keys are analogous to the combination of a safe. If a safe combicountry is well-known to an adversary, the strongest safe offers no security versus penetration. Similarly, bad key monitoring might quickly deteriorate strong algorithms.” ~ NIST Recommendation for Key Management
NIST’s statement paints a precise photo. Like a safe’s combicountry, your encryption tricks are just as great as the defense you usage to safeguard them. Tbelow is a whole physical and also digital cryptosystem that have to be have to be accounted for as well as each key’s full lifecycle. As such, a robust encryption key administration mechanism and also policies includes:Key lifecycle: key generation, pre-activation, activation, expiration, post-activation, escrow, and destructionPhysical access to the essential server(s)Logical access to the essential server(s)User/Role access to the encryption keys
Let’s acquire started with a brief overview of the kinds of encryption tricks.
^Back to Top
Types of Encryption Keys
See more: Which Of The Following Is An Example Of Secondary Analysis, Chapter 14: Multiple Choice Questions
Now that we have the meanings in area, listed below is a step by step example of exactly how an authorized user accesses encrypted data:A user researches to accessibility encrypted soimg.orgrmation.The database, application, file mechanism, or storage then sends a DEK retrieval repursuit to the client (KM API).Next off, the client (KM API) and also KM verify each other’s certificates:The client (KM API) sends a certificate to the KM for verification.The KM then checks the certificate versus the CA for authentication.Once the client (KM API) certificate has actually been showed, the KM then sends out its certificate to the KM API for authentication and also acceptance.Once the certificates have been embraced, a secure TLS connection is establimelted in between the client (KM API) and the KM.The KM then decrypts the requested DEK via the KEKThe KM sends the DEK to the client (KM API) over the encrypted TLS session.The KM API then sends the DEK to the database, application, file device, or storage.The database (may) cache the DEK in temporary secure memory.The database, application, file system, or storage then sends the plaintext soimg.orgrmation to the user.Asymmetric Key Systems