The ultimate guide to encryption key management - Security Boulevard



In cryptography, a key is a very important piece of information that is combined with an algorithm (a cipher) to transform plaintext into ciphertext (encryption).

Encryption is not the first step of preventive security; however, the proper management of cryptographic keys is essential. Key management includes generating, using, storing, archiving and deleting keys. In modern business, encryption plays a vital role in protecting electronic communications and financial transactions.

Successful key management is critical to the security of a cryptosystem. It is a more challenging side of cryptography that involves various aspects of social engineering, such as organization, system policy and departmental coordination.

The best thing about encryption is that, if implemented correctly, it is highly resistant to attack. Unfortunately, the weak point of encryption is the keys. If a key is compromised, all your hard work and complexity are for nothing. This makes cryptographic keys the most precious asset of any company. The value of the keys is equivalent to the value of your most crucial information or data.

What is encryption key management?

Encryption key management is the management of cryptographic keys in a cryptosystem. Key management concerns itself with keys at the user level, either between users or systems. A robust key management system is therefore important, and its policies must include the following:

  • Key life cycle: Key generation, key activation, expiration and destruction
  • Physical access to the key server
  • Logical access to key servers, which should be on a need-to-know basis for businesses
  • Access of user-based roles to encryption keys
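A minimal sketch of how the life cycle and role-based access items above can be enforced together. This is an added example, not code from the original post; the `KeyStore` and `ManagedKey` classes, the role names and the 32-byte key size are assumptions made for illustration.

```python
import secrets
from enum import Enum

State = Enum("State", "GENERATED ACTIVE EXPIRED DESTROYED")  # life cycle stages
# Assumed role policy: logical access to keys on a need-to-know basis.
ROLES = {"key-admin": {"generate", "activate", "destroy"}, "app-service": {"use"}}

class ManagedKey:
    def __init__(self, lifetime):
        self.lifetime, self.state, self.expires_at = lifetime, State.GENERATED, None
        self.material = bytearray(secrets.token_bytes(32))  # assumed 256-bit key

class KeyStore:
    def __init__(self):
        self.keys, self.audit = {}, []

    def _authorize(self, role, op, key_id):
        allowed = op in ROLES.get(role, set())
        self.audit.append((role, op, key_id, allowed))  # denials are logged too
        if not allowed:
            raise PermissionError(f"role {role!r} may not {op} {key_id!r}")
        return None if op == "generate" else self.keys[key_id]

    def generate(self, role, key_id, lifetime):
        self._authorize(role, "generate", key_id)
        if key_id in self.keys:
            raise ValueError("key id already exists")
        self.keys[key_id] = ManagedKey(lifetime)

    def activate(self, role, key_id, now):
        key = self._authorize(role, "activate", key_id)
        if key.state is not State.GENERATED:
            raise ValueError("only a newly generated key can be activated")
        key.state, key.expires_at = State.ACTIVE, now + key.lifetime

    def use(self, role, key_id, now):
        key = self._authorize(role, "use", key_id)
        if key.state is State.ACTIVE and now >= key.expires_at:
            key.state = State.EXPIRED  # expiry is enforced at every use
        if key.state is not State.ACTIVE:
            raise ValueError(f"key is {key.state.name}, not usable")
        return bytes(key.material)

    def destroy(self, role, key_id):
        key = self._authorize(role, "destroy", key_id)
        key.material[:] = bytes(len(key.material))  # best-effort overwrite in Python
        key.state = State.DESTROYED
```

The administrator role can manage a key's life cycle but cannot read key material, and the application role can use an active key but cannot change its state.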

We can divide these into three primary key management approaches:

  • Decentralized: In this version, end users are 100% responsible for their own key management and the organization is not required to handle key governance
  • Distributed: Each team or department in the organization (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Jatin Jain. Read the original post at: