Users and developers are presented with many choices in their use of cryptographic mechanisms. Inappropriate choices may result in an illusion of security, but little or no real security for the protocol or application. The security of information protected by cryptography directly depends on the strength of the keys, the effectiveness of mechanisms and protocols associated with keys, and the protection afforded to the keys.
All keys need to be protected against modification, and secret and private keys need to be protected against unauthorized disclosure.
Key management provides the foundation for the secure generation, storage, distribution, and destruction of keys. This report provides background information and establishes frameworks to support appropriate decisions when selecting and using cryptographic mechanisms. It is intended to advise developers and system administrators on the "best practices" associated with key management. This is the National Institute of Standards and Technology's Special Publication 800-57, published in 2007, at 142 pages. The content is in the public domain.
All keys need to be protected against modification, and secret and private keys need to be protected against unauthorized disclosure.
Key management provides the foundation for the secure generation, storage, distribution, and destruction of keys. This report provides background information and establishes frameworks to support appropriate decisions when selecting and using cryptographic mechanisms. It is intended to advise developers and system administrators on the "best practices" associated with key management. This is the National Institute of Standards and Technology's Special Publication 800-57, published in 2007, at 142 pages. The content is in the public domain.
