NIST, Computer Security Division, Computer Security Resource Center
Cryptographic Key Management Project
Cryptographic Key Management (CKM) is a fundamental part of cryptographic technology and is considered one of the most difficult aspects associated with its use. Of particular concern are the scalability of the methods used to distribute keys and the usability of these methods. NIST has undertaken an effort to improve the overall key management strategies used by the public and private sectors in order to enhance the usability of cryptographic technology, provide scalability across cryptographic technologies, and support a global cryptographic key management infrastructure.
Cryptographic Key Management Workshop Summary (June 2009)
NIST Internal Report 7609, Cryptographic Key Management Workshop Summary - June 8-9, 2009, is now available. This document provides highlights of a workshop that was held in June 2009 to discuss the current state of key management systems, to identify future needs, and to discuss the development of a Cryptographic Key Management Design Framework that will address the issues discussed during the workshop.
Draft Special Publication 800-130, A Framework for Designing Cryptographic Key Management Systems [REVISED]
NIST requests comments on SP 800-130, A Framework for Designing Cryptographic Key Management Systems. This is a revision of the document that was provided for public comment in June 2010. Comments are requested by July 30, 2012 and should be sent to ckmsdesignframework@nist.gov, with "Comments on SP 800-130" in the subject line. Another document, SP 800-152, which provides a basic profile of this framework document for the Federal government, will be available for initial comment later this year.
Comments received on SP 800-130 [by August 17 deadline]
Special Publication 800-131A, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths.
NIST announces the completion of Special Publication (SP) 800-131A, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths. This Recommendation provides the approach for transitioning from the use of one algorithm or key length to another, as initially addressed in Part 1 of SP 800-57.
Comments received on SP 800-131 [by March 15 deadline].
Comments received on SP 800-131 [by July 16 deadline].
Draft Special Publication 800-131B, Transitions: Validation of Transitioning Cryptographic Algorithm and Key Lengths
NIST requests comments on Draft Special Publication (SP) 800-131B, Transitions: Validation of Transitioning Cryptographic Algorithm and Key Lengths. SP 800-131B provides details about the validation of the cryptographic algorithms and cryptographic modules in transition, as specified in SP 800-131A. The public comment period ended March 31, 2011.
Comments received on SP 800-131B
Draft Special Publication 800-131C, Transitions: Validating the Transition from FIPS 186-2 to FIPS 186-3
NIST requests comments on Draft Special Publication (SP) 800-131C, Transitions: Validating the Transition from FIPS 186-2 to FIPS 186-3. SP 800-131C addresses both the cryptographic algorithm validations and the cryptographic module validations that are conducted by NIST’s Cryptographic Algorithm Validation Program (CAVP) and the Cryptographic Module Validation Program (CMVP), respectively. The public comment period ended March 31, 2011.
Draft Special Publication 800-152, A Profile for U. S. Federal Cryptographic Key Management Systems (CKMS)
NIST is developing a Special Publication (SP 800-152) that will be entitled “A Profile for U. S. Federal Cryptographic Key Management Systems (CKMS)”. This Profile will be based on the Special Publication 800-130, entitled “A Framework for Designing Cryptographic Key Management Systems.” The Framework covers topics that should be considered by a product or system designer when designing a CKMS and specifies requirements for the design and its documentation. The Profile, however, will cover not only a CKMS design, but also its procurement, installation, management, and operation throughout its lifetime.
An initial draft of the Profile requirements is now available at http://csrc.nist.gov/publications/PubsSPs.html for public comment and for discussion by participants of the CKM Workshop scheduled for September 10-11. Details of the workshop are available at the CKM Workshop website
Please provide comments by October 10, 2012 to ckmsdesignframework@nist.gov, with "Comments on SP 800-152 Profile Requirements" in the subject line.
Questions regarding this project should be addressed to Elaine Barker of NIST.