# Recommendation for cryptographickey generation

Post on 01-Nov-2014

363 views

Embed Size (px)

DESCRIPTION

TRANSCRIPT

<ul><li> 1. NIST Special Publication 800-133Recommendation for CryptographicKey GenerationElaine Barker, Allen RoginskyComputer Security DivisionInformation Technology LaboratoryC O M P U T E R S E C U R I T YJuly 2011U.S. Department of CommerceGary Locke, SecretaryNational Institute of Standards and TechnologyPatrick D. Gallagher, Director </li> <li> 2. SP 800-133 DRAFT July 2011AbstractCryptography is often used in an information technology security environment to protectdata that is sensitive, has a high value, or is vulnerable to unauthorized disclosure orundetected modification during transmission or while in storage. Cryptography reliesupon two basic components: an algorithm (or cryptographic methodology) and acryptographic key. This Recommendation discusses the generation of the keys to bemanaged and used by the approved cryptographic algorithms.KEY WORDS: asymmetric key, key agreement, key derivation, key generation, keywrapping, key replacement, key transport, key update, public key, symmetric keyii </li> <li> 3. SP 800-133 DRAFT July 2011AcknowledgementsThe National Institute of Standards and Technology (NIST) gratefully acknowledges andappreciates contributions by XXX. NIST also thanks the many contributions by thepublic and private sectors whose thoughtful and constructive comments improved thequality and usefulness of this publication.iii </li> <li> 4. SP 800-133 DRAFT July 2011Table of Contents1 Introduction............................................................................................... 12 Authority ...................................................................................................13 Definitions, Acronyms and Symbols ........................................................ 23.1 Definitions............................................................................................................ 23.2 Acronyms............................................................................................................. 83.3 Symbols ............................................................................................................... 94 General Discussion..................................................................................105 Basic Method for Using the Output of a Random Bit Generator ......................... 105.1 The Specification ............................................................................................... 115.2 Post-Processing of RBG Output ........................................................................ 125.2.1 Examples of F(r1) Used for Post-Processing ......................................... 125.2.2 Examples of Pi Used for Post-Processing. ............................................. 136 Generation of Key Pairs for Asymmetric Key Algortihms..................... 146.1 Key Pairs for Digital Signature Schemes........................................................... 146.2 Key Pairs for Key Establishment....................................................................... 156.3 Distributing the Keys......................................................................................... 157 Generation of Keys for Symmetric Key Algorithms .............................. 157.1 The Direct Generation of Symmetric Keys.................................................... 167.2 Distributing the Generated Symmetric Key.............................................. 167.3 Symmetric Keys Generated Using Key-Agreement Schemes........................... 167.3 Symmetric Key Derivation From a Pre-shared Key.......................................... 177.4 Symmetric Keys Derived From Passwords ....................................................... 187.5 Symmetric Keys Produced by Combining Multiple Keys................................. 187.6 Replacement and Update of Symmetric Keys ................................................... 188 References............................................................................................... 19iv </li> <li> 5. SP 800-133 DRAFT July 2011Recommendation for Cryptographic Key Generation1 IntroductionCryptography is often used in an information technology security environment to protectdata that is sensitive, has a high value, or is vulnerable to unauthorized disclosure orundetected modification during transmission or while in storage. Cryptography reliesupon two basic components: an algorithm (or cryptographic methodology) and acryptographic key. The algorithm is a mathematical function, and the key is a parameterused by that function.The National Institute of Standards and Technology (NIST) has developed a wide varietyof Federal Information Processing Standards (FIPS) and NIST Special Publications (SPs)to specify and approve cryptographic algorithms for Federal government use. In addition,guidance has been provided on the management of the cryptographic keys to be used inthe use of these approved cryptographic algorithms.This Recommendation discusses the generation of the keys to be used with the approvedcryptographic algorithms. The keys are either generated using mathematical processingon the output of approved Random Bit Generators and possibly other parameters, orgenerated based upon keys that are generated in this fashion.2 AuthorityThis publication has been developed by the National Institute of Standards andTechnology (NIST) in furtherance of its statutory responsibilities under the FederalInformation Security Management Act (FISMA) of 2002, Public Law 107-347.NIST is responsible for developing standards and guidelines, including minimumrequirements, for providing adequate information security for all agency operations andassets, but such standards and guidelines shall not apply to national security systems.This Recommendation has been prepared for use by federal agencies. It may be used bynon-governmental organizations on a voluntary basis and is not subject to copyright.(Attribution would be appreciated by NIST.)Nothing in this document should be taken to contradict standards and guidelines mademandatory and binding on federal agencies by the Secretary of Commerce under statutoryauthority. Nor should these guidelines be interpreted as altering or superseding theexisting authorities of the Secretary of Commerce, Director of the OMB, or any otherfederal official.Conformance testing for implementations of this Recommendation will be conductedwithin the framework of the Cryptographic Algorithm Validation Program (CAVP) andthe Cryptographic Module Validation Program (CMVP). The requirements of thisRecommendation are indicated by the word shall. Some of these requirements may beout-of-scope for CAVP or CMVP validation testing, and thus are the responsibility ofentities using, implementing, installing or configuring applications that incorporate thisRecommendation.1 </li> <li> 6. SP 800-133 DRAFT July 20113 Definitions, Acronyms and Symbols3.1 DefinitionsAllowed Specified as allowed within the FIPS 140 ImplementationGuideline [Imp Guide]Approved FIPS-approved and/or NIST-recommended.Asymmetric key A cryptographic key used with an asymmetric key (public key)algorithm. The key may be a private key or a public key.Asymmetric keyalgorithmA cryptographic algorithm that uses two related keys, a publickey and a private key. The two keys have the property thatdetermining the private key from the public key iscomputationally infeasible. Also known as a public keyalgorithm.Bit string An ordered sequence of 0 and 1 bits.Compromise The unauthorized disclosure, modification or use of sensitivedata (e.g., keying material and other security-relatedinformation).CryptographicalgorithmA well-defined computational procedure that takes variableinputs, often including a cryptographic key, and produces anoutput.2 </li> <li> 7. SP 800-133 DRAFT July 2011Cryptographic key(key)A parameter used in conjunction with a cryptographic algorithmthat determines its operation in such a way that an entity withknowledge of the key can reproduce or reverse the operation,while an entity without knowledge of the key cannot. Examplesinclude:1. The transformation of plaintext data into ciphertext data,2. The transformation of ciphertext data into plaintext data,3. The computation of a digital signature from data,4. The verification of a digital signature,5. The computation of an authentication code from data,6. The verification of an authentication code from data and areceived authentication code,7. The computation of a shared secret that is used to derivekeying material.8. The derivation of additional keying material from a key-derivation key (i.e., a pre-shared key).Cryptographic module The set of hardware, software, and/or firmware that implementssecurity functions (including cryptographic algorithms and keygeneration) and is contained within a cryptographic boundary.Cryptoperiod The time span during which a specific key is authorized for useor in which the keys for a given system or application mayremain in effect.Data integrityA property whereby data has not been altered in anunauthorized manner since it was created, transmitted or stored.Decryption The process of changing ciphertext into plaintext using acryptographic algorithm and key.Digital signature The result of a cryptographic transformation of data that, whenproperly implemented, provides origin authentication, assuranceof data integrity and signatory non-repudiation.Encryption The process of changing plaintext into ciphertext using acryptographic algorithm and key.3 </li> <li> 8. SP 800-133 DRAFT July 2011Entity An individual (person), organization, device or process. Usedinterchangeably with party.EntropyThe entropy of a random variable X is a mathematical measureof the expected amount of information provided by anobservation of X. As such, entropy is always relative to anobserver and his or her knowledge prior to an observation.Full entropy Each bit of a bit string with full entropy is unpredictable (with auniform distribution) and independent of every other bit of thatbit string. An n-bit string is said to have full entropy if thestring is estimated to contain at least (1)n bits of entropy,where 2-64.Key See cryptographic key.Key agreement A key establishment procedure where the resultant keyingmaterial is a function of information contributed by two or moreparticipants, so that no party can predetermine the value of thekeying material independent of the other partys contribution.Key-agreementprimitiveA DLC primitive specified in [SP 800-56A] or an RSASVEoperation specified in [SP 800-56B].Key derivation1. A process by which one or more keys are derived from ashared secret and other information during a key agreementtransaction.2. A process that derives new keying material from a key thatis currently available.Key derivation keyA key used as an input to a key derivation method to deriveother keys.Key establishment The procedure that results in shared secret keying materialamong different parties.Key-generatingmoduleA cryptographic module in which a given key is generated.Key generation The process of generating keys for cryptography.Key pair A private key and its corresponding public key; a key pair isused with an asymmetric key (public key) algorithm.4 </li> <li> 9. SP 800-133 DRAFT July 2011Key pair owner The entity that is authorized to use the private key associatedwith a public key, whether that entity generated the key pairitself or a trusted party generated the key pair for the entity.Key replacement The replacement of one cryptographic key with another that isnot cryptographically related.Key transport A key establishment procedure whereby one party (the sender)selects a value for the secret keying material and then securelydistributes that value to another party (the receiver) using anasymmetric algorithm.Key update A function performed on a cryptographic key in order tocompute a new, but related key for the same purpose.Key wrapping A method of encrypting and decrypting keys and (possibly)associated data using a symmetric key; both confidentiality andintegrity protection are provided.Module See cryptographic module.Non-repudiation A service that may be afforded by the appropriate application ofa digital signature. The signature provides assurance of theintegrity of the signed data in such a way that the signature canbe verified by any party in possession of the claimed signatoryspublic key. The assumption is that the claimed signatory hadknowledge of the data that was signed and is the only entity inpossession of the private key associated with that public key;thus, verification of the signature provides assurance to averifier that the data in question was knowingly signed by noneother than the claimed signatory.Origin authentication A process that provides assurance of the origin of information(e.g., by providing assurance of the originators identity).5 </li> <li> 10. SP 800-133 DRAFT July 2011Owner 1. For an asymmetric key pair, consisting of a private key anda public key, the entity that is authorized to use the privatekey associated with a public key, whether that entitygenerated the key pair itself or a trusted party generated thekey pair for the entity.2. For a symmetric key (i.e., a secret key), the entity or entitiesthat are authorized to share and use the key.Password A string of characters (letters, numbers and other symbols) thatare used to authenticate an identity or to verify accessauthorization. A passphrase is a special case of a password thatis a sequence of words or other text. In this document, the useof the term password includes this special case.Permutation An ordered (re)arrangement of the elements of a set.Plaintext data Intelligible data that has meaning and can be understoodwithout the application of decryption.Pre-shared keyA key that is already known by the entities needing to use it.Private keyA cryptographic key, used with a public key cryptographicalgorithm that is uniquely associated with an entity and is notmade public. In an asymmetric-key (public key) cryptosystem,the private key is associated with a public key. Depending onthe algorithm, the private key may be used to:1. Compute the corresponding public key,2. Compute a digital signature that may be verified usingthe corresponding public key,3. Decrypt data that was encrypted using the correspondin...</li></ul>