U.S. flag   An unofficial archive of your favorite United States government website
This is an archive
(replace .gov by .rip)

Key Management

Key Establishment

The following publications specify methods for establishing cryptographic keys.


Symmetric Block Ciphers

  • SP 800-71, Key Establishment Using Symmetric Block Ciphers (DRAFT)
    • July 2, 2018:  NIST requests public comments on NIST SP 800-71.  Most current key management systems are based on public key cryptography. However, with the emergence of quantum computing technology—which can break many public key algorithms currently in use—symmetric key cryptography may offer alternatives for key establishment. Symmetric key cryptography is more computationally efficient than public key cryptography, and is commonly used to protect larger volumes of information, both in transit and storage. Given the limited guidance currently available on using symmetric key cryptography for key establishment, it seems prudent to describe such techniques and their security considerations.
      • Public comment period is closed.

Pair-Wise Key Establishment Schemes

  • SP 800-56A Revision 3, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
  • SP 800-56B Revision 2, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography
  • SP 800-56C Revision 2, Recommendation for Key Derivation Methods in Key-Establishment Schemes
  • SP 800-108, Recommendation for Key Derivation Using Pseudorandom Functions

Key Generation

  • SP 800-133 Revision 2, Recommendation for Cryptographic Key Generation (June 2020)

Key Wrapping

  • SP 800-38F, Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping

Transitions for Key Derivation Functions

  • SP 800-135, Transitions: Recommendation for Existing Application-Specific Key Derivation Functions

Created January 04, 2017, Updated August 20, 2020