Key Management
Key Establishment
The following publications specify methods for establishing cryptographic keys.
Symmetric Block Ciphers
- SP 800-71, Key Establishment Using Symmetric Block Ciphers (DRAFT)
- July 2, 2018: NIST requests public comments on NIST SP 800-71. Most current key management systems are based on public key cryptography. However, with the emergence of quantum computing technology—which can break many public key algorithms currently in use—symmetric key cryptography may offer alternatives for key establishment. Symmetric key cryptography is more computationally efficient than public key cryptography and is commonly used to protect larger volumes of information, both in transit and in storage. Given the limited guidance currently available on using symmetric key cryptography for key establishment, it seems prudent to describe such techniques and their security considerations.
- Public comment period is closed.
Pair-Wise Key Establishment Schemes
- SP 800-56A Revision 3, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
- SP 800-56B Revision 2, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography
- SP 800-56C Revision 2, Recommendation for Key Derivation Methods in Key-Establishment Schemes
- October 2021: SP 800-108 Revision 1, Recommendation for Key Derivation Using Pseudorandom Functions (DRAFT) available for public comment.
Key Generation
- SP 800-133 Revision 2, Recommendation for Cryptographic Key Generation (June 2020)
Key Wrapping
- SP 800-38F, Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping
Transitions for Key Derivation Functions
- SP 800-135, Transitions: Recommendation for Existing Application-Specific Key Derivation Functions
Created January 04, 2017, Updated October 19, 2021