NIST Issues Guidelines for Cryptographic Key Generation

By Anthony Freed | December 19, 2012

Posted in: Network Security Trends

Cryptographic algorithms are crucial for protecting sensitive data from exposure whether at rest or in transit, and the heart of any good encryption mechanism resides in the generation of keys that provide the confidentiality and integrity for data protection. To that end, the National Institute of Standards and Technology (NIST) has issued new guidelines for the generation of adequate encryption keys regardless of which Federal Information Processing Standards (FIPS) approved cryptographic algorithm is employed.

The new publication was authored by Elaine Barker and Allen Roginsky of NIST's Computer Security Division, Information Technology Laboratory, and is intended to examine best practices in the generation and management of keys used by the most commonly utilized cryptographic algorithms.

"Even if adversaries know what algorithm is used, they cannot gain access to the data unless they also have the proper key. SP 800-133 will be helpful to anyone who needs the specifics on how to generate these keys successfully, whether for secure data transmission or storage of sensitive information," the NIST stated.

The guidelines specifically examine the generation of keys used in symmetric-key algorithms, which employ the same key to both encrypt and to decrypt protected data. Symmetric-key algorithms are efficient, and the keys must be kept secure as they are used to protect sensitive information which often may include other cryptographic keys.
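The point above, that a symmetric key is generated from a random bit source and is then itself used to protect other keys, can be seen in this added example (not code from the article or from SP 800-133). It assumes the operating system CSPRNG stands in for an approved RBG, and the subkey derivation uses an HMAC-SHA256 counter-mode KDF, which is an assumed construction and not one the article describes:

```python
import hmac
import hashlib
import secrets

# Approved key sizes (bits) for the block ciphers FIPS permits; any other
# requested length is rejected rather than silently padded or truncated.
APPROVED_KEY_BITS = {"AES": (128, 192, 256), "TDEA": (192,)}


def generate_symmetric_key(algorithm: str, bits: int) -> bytes:
    """Return a fresh symmetric key from the OS CSPRNG.

    Assumption: secrets.token_bytes (os.urandom) stands in for an approved
    RBG; a FIPS deployment would route this call to a validated DRBG.
    """
    if bits not in APPROVED_KEY_BITS.get(algorithm, ()):
        raise ValueError(f"{bits}-bit keys are not approved for {algorithm}")
    return secrets.token_bytes(bits // 8)


def derive_subkey(master_key: bytes, label: bytes, context: bytes, bits: int) -> bytes:
    """Derive a subordinate key from a master key (HMAC-SHA256 in counter
    mode; an assumed KDF construction, not text from SP 800-133).

    This is how one generated key protects others: only the master key is
    stored, and per-purpose keys (a key-encryption key, a data key) are
    re-derived on demand from their label and context.
    """
    if bits <= 0 or bits % 8:
        raise ValueError("key length must be a positive multiple of 8 bits")
    out = b""
    counter = 1
    while len(out) < bits // 8:
        # [i]_4 || Label || 0x00 || Context || [L]_4, then HMAC under the master key
        msg = counter.to_bytes(4, "big") + label + b"\x00" + context + bits.to_bytes(4, "big")
        out += hmac.new(master_key, msg, hashlib.sha256).digest()
        counter += 1
    return out[: bits // 8]


def key_check_value(key: bytes) -> str:
    """Short fingerprint to confirm a key was loaded intact without
    revealing it (truncated HMAC over a fixed message)."""
    return hmac.new(key, b"KCV", hashlib.sha256).hexdigest()[:6]


if __name__ == "__main__":
    master = generate_symmetric_key("AES", 256)
    kek = derive_subkey(master, b"key-encryption", b"vault-01", 256)
    dek = derive_subkey(master, b"data-encryption", b"vault-01", 128)
    print("master KCV:", key_check_value(master))
    print("KEK bytes:", len(kek), "DEK bytes:", len(dek))
```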

The recommendations do not specifically address key generation for use with asymmetric encryption algorithms, which employ two keys: one that is public and can be disclosed openly, and a private key that is disclosed to only one party and must remain protected. Asymmetric algorithms are often used for digital signatures or in the generation of keys used in symmetric-key algorithms. SP 800-133 does provide references to other NIST documents that offer guidelines for asymmetric encryption.

"The SP 800-133 publication is part of a series of documents with best practices recommendations for cryptographic key management, including SP 800-57 (parts one, two and three), SP 800-130, SP 800-152, and the Federal Information Processing Standard (FIPS) 186 Digital Signature Standard," NIST stated.

The guidelines are highly technical and explain the entire cryptographic key generation and management process in detail for readers with the prerequisite expertise to understand the underlying mechanisms; in the right hands they should prove extremely useful for analyzing the methods an enterprise uses to protect data through encryption.

The NIST, a division of the Commerce Department, is responsible for developing guidelines for providing consistent information security standards for all Federal agency operations, and the guidelines are available for use by the private sector with the understanding that the recommendations do not supersede any regulatory mandates specific to an industry.
