Encryption Key Management


Unit: 10 Lesson: 1

The operational considerations for the various stages in the lifecycle of an encryption key or keypair.

Key Generation

Creates an asymmetric key pair or symmetric secret key of the required strength, using the chosen cipher.

Storage

Prevents unauthorized access to a private or secret key and protects against loss or damage.

Revocation

Prevents use of the key if it is compromised. If a key is revoked, any data that was encrypted using it should be re-encrypted using a new key.

Expiration & Renewal

Gives the certificate that validates the key a "shelf-life" to increase security. Every certificate expires after a certain period. Certificates can be renewed with the same key pair or with a new key pair.

Decentralized vs. Centralized

In decentralized key management, each key is generated and stored on the host that will use the certificate. This is easy to deploy and cheap to maintain, but it makes compromises harder to detect.

In centralized key management, a dedicated server or appliance, called a key management system, generates and stores the keys for an entire subnet. When a device or application needs to perform any cryptographic operation, it communicates with that server using KMIP (the Key Management Interoperability Protocol).

#Netplus