Key management

Key management covers the generation, exchange, storage, use, crypto-shredding (destruction) and replacement of cryptographic keys.

It is the more challenging side of cryptography in the sense that it involves organizational and human factors such as system policy, user training, interactions between organizations and departments, and coordination among all of these elements, in contrast to the purely mathematical operations, which can be automated.

Formerly, exchanging a symmetric key was extremely troublesome, and was greatly eased by access to secure channels such as a diplomatic bag.

It is possible, using something akin to a book code, to attach key indicators in clear text to an encrypted message so that the recipient can select the correct key.

Out-of-band key exchange of this kind is usually cumbersome or expensive (splitting a master key into several components and sending each with a separate trusted courier, for example) and is not suitable for use on a larger scale.

Similarly, smartphone keyless-access platforms keep all identifying door information off both the mobile phones and the servers and encrypt all data; as with physical keys, users give their codes only to those they trust.

"Some contain minimal guidance like 'don’t store keys with encrypted data' or suggest that 'keys should be kept securely.'"[9]

For optimal security, keys may be stored in a Hardware Security Module (HSM) or protected using technologies such as a Trusted Execution Environment (TEE, e.g. Intel SGX) or Multi-Party Computation (MPC).

Additional alternatives include Trusted Platform Modules (TPM),[10] virtual HSMs, also known as "Poor Man's Hardware Security Modules" (pmHSM),[11] or non-volatile Field-Programmable Gate Arrays (FPGA) with supporting System-on-Chip configurations.[12]

To verify the integrity of a stored key without exposing its value, a key check value (KCV) can be computed from the key and compared with the value recorded when the key was created.
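The Go program below is an added worked example, not part of the original article, that ties together two points made above: the courier scheme in which a master key is split into components that are sent separately, and the KCV used to check a stored or re-entered key without exposing it. It uses the AES key check value convention (the first three bytes of the key's encryption of an all-zero block, as in ANSI X9.24, GlobalPlatform and PKCS#11); the sample key, the three-custodian setup and the function names are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Component is what one custodian receives: a key component plus the KCV of
// that component, so a mistyped or corrupted component is caught on re-entry.
type Component struct {
	Value []byte
	KCV   string
}

// KCVHex returns an AES key's check value as six hex digits: the first three
// bytes of the key's encryption of an all-zero block (ANSI X9.24, GlobalPlatform,
// PKCS#11 CKA_CHECK_VALUE). 24 bits of ciphertext detect a wrong key but do not reveal it.
func KCVHex(key []byte) (string, error) {
	block, err := aes.NewCipher(key) // rejects all but 16-, 24- or 32-byte keys
	if err != nil {
		return "", err
	}
	var zero, out [aes.BlockSize]byte
	block.Encrypt(out[:], zero[:])
	return hex.EncodeToString(out[:3]), nil
}

// Split divides key into n components whose XOR is the key: n-1 of them are
// uniformly random and the last is the key XORed with all of them, so any n-1
// components together carry no information about the key and each can travel
// with a separate courier. It also returns the whole key's KCV, kept separately.
func Split(key []byte, n int) ([]Component, string, error) {
	full, err := KCVHex(key)
	if err != nil {
		return nil, "", err
	}
	if n < 2 {
		return nil, "", errors.New("need at least two components")
	}
	parts := make([][]byte, n)
	parts[n-1] = append([]byte(nil), key...)
	for i := 0; i < n-1; i++ {
		parts[i] = make([]byte, len(key))
		if _, err := rand.Read(parts[i]); err != nil {
			return nil, "", err
		}
		for j := range key {
			parts[n-1][j] ^= parts[i][j]
		}
	}
	comps := make([]Component, n)
	for i, p := range parts {
		kcv, err := KCVHex(p)
		if err != nil {
			return nil, "", err
		}
		comps[i] = Component{Value: p, KCV: kcv}
	}
	return comps, full, nil
}

// Reassemble checks each component against its own KCV, XORs them together
// and checks the result against the recorded full-key KCV. The key is returned
// only if every check passes, and a bad component is identified by number.
func Reassemble(comps []Component, fullKCV string) ([]byte, error) {
	if len(comps) == 0 {
		return nil, errors.New("no components")
	}
	key := make([]byte, len(comps[0].Value))
	for i, c := range comps {
		kcv, err := KCVHex(c.Value)
		if err != nil {
			return nil, err
		}
		if kcv != c.KCV || len(c.Value) != len(key) {
			return nil, fmt.Errorf("component %d failed its KCV or length check", i+1)
		}
		for j := range key {
			key[j] ^= c.Value[j]
		}
	}
	if kcv, err := KCVHex(key); err != nil || kcv != fullKCV {
		return nil, errors.New("reassembled key failed the full-key KCV check")
	}
	return key, nil
}

func main() {
	key, _ := hex.DecodeString("000102030405060708090a0b0c0d0e0f") // constructed example key
	comps, full, err := Split(key, 3)
	if err != nil {
		panic(err)
	}
	fmt.Println("full-key KCV:", full)
	for i, c := range comps {
		fmt.Printf("custodian %d: %x  KCV %s\n", i+1, c.Value, c.KCV)
	}
	back, err := Reassemble(comps, full)
	fmt.Printf("reassembled: %x (err=%v)\n", back, err)
}
```

In a real ceremony each custodian enters only their own component, and the three KCVs printed for the components are written on their respective envelopes while the full-key KCV is filed with the key's record; the XOR split is the simplest form of the scheme and requires every component to be present, unlike a threshold secret-sharing scheme.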

Many specific applications have developed their own key management systems with home-grown protocols.

KMIP is an extensible key management protocol that has been developed by many organizations working within the OASIS standards body.

The protocol allows for the creation of keys and their distribution among disparate software systems that need to utilize them.

A list of some 80 products that conform to the KMIP standard can be found on the OASIS website.
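As an added example of what the KMIP wire format looks like (not code from the OASIS specification or any KMIP product), the Go program below encodes a KMIP 1.0 Create request for a 128-bit AES key in the protocol's TTLV (Tag, Type, Length, Value) encoding and decodes it again. The tag, type and enumeration constants are the values assigned by the KMIP specification; the function names are chosen for this example, and no transport to a server is shown.

```go
package main
import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Tag, type and enumeration values are those of the OASIS KMIP specification;
// only the ones this request needs are listed.
const (
	tagAttribute, tagAttributeName, tagAttributeValue                    = 0x420008, 0x42000A, 0x42000B
	tagBatchCount, tagBatchItem, tagObjectType, tagOperation             = 0x42000D, 0x42000F, 0x420057, 0x42005C
	tagProtocolVersion, tagProtocolVersionMajor, tagProtocolVersionMinor = 0x420069, 0x42006A, 0x42006B
	tagRequestHeader, tagRequestMessage, tagRequestPayload               = 0x420077, 0x420078, 0x420079
	tagTemplateAttribute                                                 = 0x420091
	typeStructure, typeInteger, typeEnumeration, typeTextString          = 0x01, 0x02, 0x05, 0x07
	opCreate, objSymmetricKey, algAES                                    = 1, 2, 3 // Operation, Object Type, Algorithm enumerations
	usageEncryptDecrypt                                                  = 0x0C    // Cryptographic Usage Mask: Encrypt (0x04) | Decrypt (0x08)
)

// ttlv encodes one item: 3-byte tag, 1-byte type, 4-byte big-endian length of the unpadded value, then the value zero-padded to a multiple of 8 bytes.
func ttlv(tag uint32, typ byte, value []byte) []byte {
	out := []byte{byte(tag >> 16), byte(tag >> 8), byte(tag), typ, 0, 0, 0, 0}
	binary.BigEndian.PutUint32(out[4:], uint32(len(value)))
	out = append(out, value...)
	for len(out)%8 != 0 {
		out = append(out, 0)
	}
	return out
}

func be32(v uint32) []byte { b := make([]byte, 4); binary.BigEndian.PutUint32(b, v); return b }
func integer(tag uint32, v int32) []byte     { return ttlv(tag, typeInteger, be32(uint32(v))) }
func enumeration(tag, v uint32) []byte       { return ttlv(tag, typeEnumeration, be32(v)) }
func textString(tag uint32, s string) []byte { return ttlv(tag, typeTextString, []byte(s)) }

// structure concatenates already-encoded children; each child is 8-aligned, so the structure's own value needs no padding.
func structure(tag uint32, children ...[]byte) []byte {
	var body []byte
	for _, c := range children {
		body = append(body, c...)
	}
	return ttlv(tag, typeStructure, body)
}

func attribute(name string, value []byte) []byte {
	return structure(tagAttribute, textString(tagAttributeName, name), value)
}

// CreateAESKeyRequest builds a KMIP 1.0 Create request asking the server to
// generate an AES key of the given bit length for Encrypt and Decrypt use.
func CreateAESKeyRequest(bits int32) []byte {
	return structure(tagRequestMessage,
		structure(tagRequestHeader,
			structure(tagProtocolVersion,
				integer(tagProtocolVersionMajor, 1),
				integer(tagProtocolVersionMinor, 0)),
			integer(tagBatchCount, 1)),
		structure(tagBatchItem,
			enumeration(tagOperation, opCreate),
			structure(tagRequestPayload,
				enumeration(tagObjectType, objSymmetricKey),
				structure(tagTemplateAttribute,
					attribute("Cryptographic Algorithm", enumeration(tagAttributeValue, algAES)),
					attribute("Cryptographic Length", integer(tagAttributeValue, bits)),
					attribute("Cryptographic Usage Mask", integer(tagAttributeValue, usageEncryptDecrypt))))))
}

// Item is one decoded TTLV element; structures carry their children.
type Item struct{ Tag uint32; Type byte; Value []byte; Children []Item }

// Decode parses consecutive TTLV items, recursing into structures and rejecting any header or value that runs past the end of the buffer.
func Decode(buf []byte) ([]Item, error) {
	var items []Item
	for len(buf) > 0 {
		if len(buf) < 8 {
			return nil, errors.New("truncated TTLV header")
		}
		n := int(binary.BigEndian.Uint32(buf[4:8]))
		padded := (n + 7) &^ 7
		if n < 0 || padded > len(buf)-8 {
			return nil, errors.New("TTLV length runs past the end of the buffer")
		}
		it := Item{Tag: uint32(buf[0])<<16 | uint32(buf[1])<<8 | uint32(buf[2]), Type: buf[3], Value: buf[8 : 8+n]}
		if it.Type == typeStructure {
			children, err := Decode(it.Value)
			if err != nil {
				return nil, err
			}
			it.Children = children
		}
		items = append(items, it)
		buf = buf[8+padded:]
	}
	return items, nil
}

func main() {
	msg := CreateAESKeyRequest(128)
	fmt.Printf("%d-byte Create request, header % x\n", len(msg), msg[:8])
}
```

The encoded request is 296 bytes and begins with the Request Message header 42 00 78 01 00 00 01 20; the length check in Decode is the one a KMIP client must make on every response, since a structure's declared length is attacker-controlled data once it comes off the wire.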

As defined by the National Institute of Standards and Technology (NIST), the key management policy shall establish and specify rules for keying information that will protect its:[14]

This protection covers the complete key life cycle, from the time the key becomes operational to its elimination.

Public key infrastructures (PKIs) are used to protect World Wide Web traffic, commonly in the form of SSL and TLS.

Key management products include NeoKeyManager (Hancom Intelligence Inc.).[55]

The IEEE Security in Storage Working Group (SISWG) is developing the P1619.3 standard for key management.