LDAPWiki: Cryptographic Key

Overview#

Cryptographic Key is a piece of information (a parameter) that determines the functional output of a cryptographic algorithm or cipher.

Without a Cryptographic Key, the algorithm would produce no useful result. In encryption, a Cryptographic Key specifies the particular transformation of plaintext into ciphertext, or vice versa during decryption.

Cryptographic Keys are also used in other cryptographic algorithms, such as digital Signature schemes and Message Authentication Codes.

Cryptographic Key Classification #

Just as there are household keys for the car, front door, garage, etc., Cryptographic Key can serve many different purposes. Understanding these keys necessitates a grasp of their classification, i.e. the different types of key and their properties and functions.

At its simplest level, a Cryptographic Key is just a random string consisting of hundreds or thousands of ones and zeroes (i.e. binary digits, or bits). However, keys are always created for a specific function, and the associated key meta-data defines the properties of the key.

Static vs Ephemeral Keys and crypto-period#

Cryptographic Keys may be either static (designed for long term usage) or ephemeral (designed to be used only for a single session or transaction). The crypto-period (i.e. lifetime) of static keys may vary from days to weeks, months or even years depending on what they are used for. In general, the greater the crypto-period, the more susceptible it is to attack and the more Protected Data is at risk should it be revealed, so it is important to ensure keys are replaced when required (this process is called updating or cycling).

Key length and algorithms #

The length of a key must align with the algorithm that will use it, although most algorithms support a range of different key sizes. In general, the longer a key is, the better security it provides (assuming it is truly random).

With Symmetric Keys, the security they provide theoretically increases exponentially with their length (for any given algorithm) – adding one more bit doubles their resistance against Brute-Force attacks. This is not true of Asymmetric Keys, which generally need to be somewhat longer.

Common functions for Cryptographic Keys#

The list below outlines the National Institute of Standards and Technology (NIST) classification of Cryptographic Keys based on their type and usage:

Private Digital Signature.
Public Digital Signature-verification key.
Symmetric authentication key.
Private authentication key.
Public authentication key.
Symmetric data-encryption key.
Symmetric Key Encrypting Key
Symmetric Pseudorandom number generator keys. This type of key is used in generating random numbers or bits.
Symmetric Master Key
Private Key Encrypting Key.
Public Key Encrypting Key.
Symmetric Key agreement key.
Private static Key agreement key.
Public static Key agreement key.
Private ephemeral Key agreement key.
Public Ephemeral Key agreement key.
Symmetric authorization key. This key provides privileges to an entity who is using a symmetric cryptographic method. The authorization key is known by the entity who monitors and grants access privileges.
Private authorization key. This is the Private Key of an Asymmetric Key pair that is used to assign privileges to an entity.
Public authorization key.

A shorter list of Common functions for Cryptographic Keys

The importance of Key Management #

Since Cryptographic Keys are used for protecting Sensitive Data, there MUST be proper Key Management

More Information#

There might be more information for this subject on one of the following:

[#1] - Classification of Cryptographic Keys - based on information obtained 2019-02-22