PART 4: MUTUAL TRUST
Chapter 14 KEY MANAGEMENT AND DISTRIBUTION
o Symmetric Key Distribution Using Symmetric Encryption
· A Key Distribution Scenario
· Hierarchical Key Control
· Session Key Lifetime
· A Transparent Key Control Scheme
· Decentralized Key Control
· Controlling Key Usage
o Symmetric Key Distribution Using Asymmetric Encryption
· Simple Secret Key Distribution
· Secret Key Distribution with Confidentiality and Authentication
· A Hybrid Scheme
o Distribution Of Public Keys
· Public Announcement of Public Keys
· Publicly Available Directory
· Public-Key Authority
· Public-Key Certificates
o X.509 Certificates
· X.509 Version 3
o Public-Key Infrastructure
· PKIX Management Functions
· PKIX Management Protocols
◆ Key distribution is the function that delivers a key to two parties who wish to exchange secure encrypted data. Some sort of mechanism or protocol is needed to provide for the secure distribution of keys.
◆ Key distribution often involves the use of master keys, which are infrequently used and are long lasting, and session keys, which are generated and distributed for temporary use between two parties.
◆ Public-key encryption schemes are secure only if the authenticity of the public key is assured. A public-key certificate scheme provides the necessary security.
◆ X.509 defines the format for public-key certificates. This format is widely used in a variety of applications.
◆ A public-key infrastructure (PKI) is defined as the set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates based on asymmetric cryptography.
◆ Typically, PKI implementations make use of X.509 certificates.
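The master-key / session-key hierarchy in the key points above, as an added example that is not part of the chapter text: a long-lived master key shared with the key distribution center is used only to wrap short-lived session keys, and each wrapped key carries an expiry that the receiver enforces. The wrapping primitive here is HMAC-SHA256 in counter mode with an encrypt-then-MAC tag, chosen so the example runs on the Python standard library alone; in practice a standard key-wrap mode such as AES Key Wrap would take its place. The function names, the blob layout and the sample keys are assumptions of this example.

```python
import hashlib
import hmac
import os
import time

NONCE_LEN = 16
EXPIRY_LEN = 8
TAG_LEN = 32


def _subkey(master_key: bytes, label: bytes) -> bytes:
    """Derive a purpose-specific key from the long-lived master key.

    Separate keys for encryption and authentication so the master key itself
    is never used directly as a cipher or MAC key.
    """
    return hmac.new(master_key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as a PRF-based stream cipher.

    Stand-in for a real key-wrap primitive (e.g. AES-KW); fine for a teaching
    example because every nonce is fresh random and never reused.
    """
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap_session_key(master_key: bytes, session_key: bytes, expires_at: int) -> bytes:
    """Encrypt a session key under the master key, binding an expiry time.

    Layout: nonce || expires_at (8 bytes) || ciphertext || HMAC tag over the
    preceding fields (encrypt-then-MAC).
    """
    enc_key, mac_key = _subkey(master_key, b"wrap-enc"), _subkey(master_key, b"wrap-mac")
    nonce = os.urandom(NONCE_LEN)
    header = nonce + expires_at.to_bytes(EXPIRY_LEN, "big")
    stream = _keystream(enc_key, nonce, len(session_key))
    ciphertext = bytes(a ^ b for a, b in zip(session_key, stream))
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def unwrap_session_key(master_key: bytes, blob: bytes, now: int) -> bytes:
    """Verify the tag, enforce the session-key lifetime, then decrypt.

    Raises ValueError on a bad tag (tampering or wrong master key) or on an
    expired session key; the caller must not fall back to the stale key.
    """
    enc_key, mac_key = _subkey(master_key, b"wrap-enc"), _subkey(master_key, b"wrap-mac")
    header_len = NONCE_LEN + EXPIRY_LEN
    header, ciphertext, tag = blob[:header_len], blob[header_len:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrapped key was modified")
    nonce = header[:NONCE_LEN]
    expires_at = int.from_bytes(header[NONCE_LEN:], "big")
    if now >= expires_at:
        raise ValueError("session key expired; request a new one from the KDC")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


if __name__ == "__main__":
    # Constructed demo: the master key would be installed out of band once;
    # the session key is generated fresh by the KDC for this one exchange.
    master = os.urandom(32)
    session = os.urandom(16)
    blob = wrap_session_key(master, session, int(time.time()) + 3600)
    assert unwrap_session_key(master, blob, int(time.time())) == session
    print("session key recovered; master key never left the two endpoints")
```

The receiver checks the tag before looking at the expiry or decrypting, so a forged or modified blob is rejected without leaking anything about the session key; a lifetime that has lapsed is treated the same as a bad blob, which is the behaviour the session-key lifetime discussion in this chapter calls for.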
The topics of cryptographic key management and cryptographic key distribution are complex, involving cryptographic, protocol, and management considerations. The purpose of this chapter is to give the reader a feel for the issues involved and a broad survey of the various aspects of key management and distribution. For more information, the place to start is the three-volume NIST SP 800-57, followed by the recommended readings listed at the end of this chapter.