Editing Key management (section)

==Management steps==
Once keys are inventoried, key management typically consists of three steps: exchange, storage and use.

===Key exchange===
{{Main|Key exchange}}
Prior to any secured communication, users must set up the details of the cryptography. In some instances this may require exchanging identical keys (in the case of a symmetric key system). In others it may require possessing the other party's public key. While public keys can be openly exchanged (their corresponding private key is kept secret), symmetric keys must be exchanged over a secure communication channel. Formerly, exchange of such a key was extremely troublesome, and was greatly eased by access to secure channels such as a [[diplomatic bag]]. [[Clear text]] exchange of symmetric keys would enable any interceptor to immediately learn the key, and any encrypted data.

The advance of public key cryptography in the 1970s has made the exchange of keys less troublesome. Since the [[Diffie-Hellman]] key exchange protocol was published in 1975, it has become possible to exchange a key over an insecure communications channel, which has substantially reduced the risk of key disclosure during distribution. It is possible, using something akin to a [[book code]], to include key indicators as clear text attached to an encrypted message. The encryption technique used by [[Richard Sorge]]'s code clerk was of this type, referring to a page in a statistical manual, though it was in fact a code. The [[German Army (Wehrmacht)|German Army]] [[Enigma machine|Enigma]] symmetric encryption key was a mixed type early in its use; the key was a combination of secretly distributed key schedules and a user chosen session key component for each message.

In more modern systems, such as [[OpenPGP]] compatible systems, a session key for a symmetric key algorithm is distributed encrypted by an [[asymmetric key algorithm]]. This approach avoids even the necessity for using a key exchange protocol like Diffie-Hellman key exchange.

Another method of key exchange involves encapsulating one key within another. Typically a master key is generated and exchanged using some secure method. This method is usually cumbersome or expensive (breaking a master key into multiple parts and sending each with a trusted courier for example) and not suitable for use on a larger scale. Once the master key has been securely exchanged, it can then be used to securely exchange subsequent keys with ease. This technique is usually termed [[key wrap]]. A common technique uses [[block cipher]]s and cryptographic [[hash function]]s.<ref>{{Cite web|title=Block Cipher - an overview {{!}} ScienceDirect Topics|url=https://www.sciencedirect.com/topics/engineering/block-cipher|access-date=2020-12-12|website=www.sciencedirect.com}}</ref>

A related method is to exchange a master key (sometimes termed a root key) and derive subsidiary keys as needed from that key and some other data (often referred to as diversification data). The most common use for this method is probably in [[smartcard]]-based cryptosystems, such as those found in banking cards. The bank or credit network embeds their secret key into the card's secure key storage during card production at a secured production facility. Then at the [[point of sale]] the card and card reader are both able to derive a common set of session keys based on the shared secret key and card-specific data (such as the card serial number). This method can also be used when keys must be related to each other (i.e., departmental keys are tied to divisional keys, and individual keys tied to departmental keys). However, tying keys to each other in this way increases the damage which may result from a security breach as attackers will learn something about more than one key. This reduces entropy, with regard to an attacker, for each key involved.

A [[Oblivious_pseudorandom_function#A_homomorphic_key_management_system|recent method]] uses an [[oblivious pseudorandom function]] to issue keys without the key management system ever being in a position to see the keys.<ref>{{cite book |last1=Jarecki |first1=Stanislaw |last2=Krawczyk |first2=Hugo |last3=Resch |first3=Jason |chapter=Updatable Oblivious Key Management for Storage Systems |date=2019 |title=Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security |volume=November 2019 |pages=379–393 |doi=10.1145/3319535.3363196 |isbn=978-1-4503-6747-9 |chapter-url=https://dl.acm.org/doi/10.1145/3319535.3363196 |access-date=Jan 27, 2024}}</ref>

===Key storage===
However distributed, keys must be stored securely to maintain communications security. Security is a big concern<ref name="Crain's New York">{{cite web|title=An ancient technology gets a key makeover|url=http://www.crainsnewyork.com/article/20131120/TECHNOLOGY/131129993/an-ancient-technology-gets-a-key-makeover|website=Crain's New York Business|date=20 November 2013|publisher=Crain's New York|access-date=19 May 2015}}</ref><ref name=":0">{{Cite web|title=Lost in translation: encryption, key management, and real security|url=https://cloud.google.com/blog/products/identity-security/how-encryption-and-key-management-enable-real-security|access-date=2021-09-16|website=Google Cloud Blog|language=en}}</ref> and hence there are various techniques in use to do so. Likely the most common is that an encryption application manages keys for the user and depends on an access password to control use of the key. Likewise, in the case of smartphone keyless access platforms, they keep all identifying door information off mobile phones and servers and encrypt all data, where just like low-tech keys, users give codes only to those they trust.<ref name="Crain's New York"/>

In terms of regulation, there are few that address key storage in depth. "Some contain minimal guidance like 'don’t store keys with encrypted data' or suggest that 'keys should be kept securely.'" The notable exceptions to that are PCI DSS 3.2.1, NIST 800-53 and NIST 800–57.<ref name=":0" />

For optimal security, keys may be stored in a [[Hardware security module|Hardware Security Module]] (HSM) or protected using technologies such as [[Trusted execution environment|Trusted Execution Environment]] (TEE, e.g. [[Intel SGX]]) or [[Multi-party computation|Multi-Party Computation]] (MPC). Additional alternatives include utilizing [[Trusted Platform Module]]s (TPM),<ref>{{Cite book|last1=Gopal|first1=Venkatesh|last2=Fadnavis|first2=Shikha|last3=Coffman|first3=Joel|title=2018 IEEE World Congress on Services (SERVICES) |chapter=Low-Cost Distributed Key Management |date=July 2018|chapter-url=https://ieeexplore.ieee.org/document/8495794|pages=57–58|doi=10.1109/SERVICES.2018.00042|isbn=978-1-5386-7374-4|s2cid=53081136}}</ref> virtual HSMs, aka "Poor Man's Hardware Security Modules" (pmHSM),<ref>{{Cite book|last1=Cifuentes|first1=Francisco|last2=Hevia|first2=Alejandro|last3=Montoto|first3=Francisco|last4=Barros|first4=Tomás|last5=Ramiro|first5=Victor|last6=Bustos-Jiménez|first6=Javier|title=Proceedings of the 9th Latin America Networking Conference |chapter=Poor Man's Hardware Security Module (PMHSM) |date=2016-10-13|chapter-url=https://doi.org/10.1145/2998373.2998452|series=LANC '16|location=Valparaiso, Chile|publisher=Association for Computing Machinery|pages=59–64|doi=10.1145/2998373.2998452|isbn=978-1-4503-4591-0|s2cid=16784459}}</ref> or non-volatile [[Field-programmable gate array|Field-Programmable-Gate-Arrays]] (FPGA) with supporting [[System on a chip|System-on-Chip]] configurations.<ref>{{Cite book|last1=Parrinha|first1=Diogo|last2=Chaves|first2=Ricardo|title=2017 International Conference on ReConFigurable Computing and FPGAs (ReConFig) |chapter=Flexible and low-cost HSM based on non-volatile FPGAs |date=December 2017|chapter-url=https://ieeexplore.ieee.org/document/8279795|pages=1–8|doi=10.1109/RECONFIG.2017.8279795|isbn=978-1-5386-3797-5|s2cid=23673629}}</ref>  In order to verify the integrity of a key stored without compromising its actual value a [[Key checksum value|KCV]] algorithm can be used.

===Key encryption use===
The major issue is length of time a key is to be used, and therefore frequency of replacement. Because it increases any attacker's required effort, keys should be frequently changed. This also limits loss of information, as the number of stored encrypted messages which will become readable when a key is found will decrease as the frequency of key change increases. Historically, symmetric keys have been used for long periods in situations in which key exchange was very difficult or only possible intermittently. Ideally, the symmetric key should change with each message or interaction, so that only that message will become readable if the key is learned (''e.g.'', stolen, cryptanalyzed, or social engineered).