New NIST document offers guidance in cryptographic key generation

Dec 13, 2012
NIST's Special Publication 800-133 will help people find the specifics on how to generate cryptographic keys, used in secure data transmission and storage of sensitive information. Credit: Talbott/NIST

(Phys.org)—Protecting sensitive electronic information in different situations requires different types of cryptographic algorithms, but ultimately they all depend on keys, the cryptographic equivalent of a password. A new publication from the National Institute of Standards and Technology (NIST) aims to help people secure their data with good keys no matter which algorithm they choose.

NIST Special Publication (SP) 800-133 offers guidance on generating the that are needed to employ algorithms that provide confidentiality and integrity protection for data. Even if adversaries know what algorithm is used, they cannot gain access to the data unless they also have the proper key. SP 800-133 will be helpful to anyone who needs the specifics on how to generate these keys successfully, whether for secure or storage of sensitive information, to give two examples of their use.

SP 800-133 is primarily a high-level document that refers readers to other documents that contain details on generating the various types of keys. However, it does offer specific details for one type of key generation: the keys used in symmetric-key algorithms, in which the same key is used, for example, to both encrypt and decrypt data. Symmetric-key algorithms operate quickly, and the keys must be kept secret. These algorithms are used to protect sensitive information, including other keys, for which the algorithm is iterated as many times as needed to protect the information.

Another type of algorithm—an asymmetric-key algorithm—uses two keys: a that may be known by anyone, and a that is known by only one party and must be kept secret. Asymmetric-key algorithms are generally slower than symmetric-key algorithms and are used in cases where only a single operation of the algorithm is required, such as the generation of a or the encryption of a key to be used later with a symmetric-key algorithm. Details on the generation of keys for asymmetric-key algorithms are not offered in SP 800-133, but the document references others containing the key generation specifications.

The publication is part of a group of documents concerning cryptographic key management, namely SP 800-57 (parts one, two and three), SP 800-130, SP 800-152, and the Federal Information Processing Standard (FIPS) 186 Digital Signature Standard.

Explore further: Computerized emotion detector

More information: csrc.nist.gov/publications/nis… 00-133/sp800_133.pdf

add to favorites email to friend print save as pdf

Related Stories

NIST proposes update to digital signature standard

Apr 18, 2012

The National Institute of Standards and Technology (NIST) has announced proposed changes to a standard that specifies how to implement digital signatures, which can be used to ensure the integrity of electronic documents, ...

Build safety into the very beginning of the computer system

Apr 29, 2011

A new publication from the National Institute of Standards and Technology (NIST) provides guidelines to secure the earliest stages of the computer boot process. Commonly known as the Basic Input/Output System (BIOS), this ...

Secure radio signal for central locking

Feb 01, 2010

(PhysOrg.com) -- Remote central locking is among the most convenient aspects of modern motoring. Transmission of the radio signal that activates the system is not particularly secure, however. A new encryption ...

Improving the security of Internet exchanges

Mar 20, 2009

(PhysOrg.com) -- TLS is the main protocol used today to secure exchanges over the Internet. The protocol has been subject to attacks in recent years, resulting in identity theft and data tampering. To address these problems, ...

Mining ' and Minding ' Her Ps and Qs

Aug 10, 2012

(Phys.org) -- Each time you connect to a secure website (say a bank’s website), you begin by downloading a certificate published by the site, which asserts that its Web address is legitimate. It also ...

Recommended for you

Who drives Alibaba's Taobao traffic—buyers or sellers?

15 minutes ago

As Chinese e-commerce firm Alibaba prepares for what could be the biggest IPO in history, University of Michigan professor Puneet Manchanda dug into its Taobao website data to help solve a lingering chicken-and-egg question.

Computerized emotion detector

Sep 16, 2014

Face recognition software measures various parameters in a mug shot, such as the distance between the person's eyes, the height from lip to top of their nose and various other metrics and then compares it with photos of people ...

Cutting the cloud computing carbon cost

Sep 12, 2014

Cloud computing involves displacing data storage and processing from the user's computer on to remote servers. It can provide users with more storage space and computing power that they can then access from anywhere in the ...

Teaching computers the nuances of human conversation

Sep 12, 2014

Computer scientists have successfully developed programs to recognize spoken language, as in automated phone systems that respond to voice prompts and voice-activated assistants like Apple's Siri.

Mapping the connections between diverse sets of data

Sep 12, 2014

What is a map? Most often, it's a visual tool used to demonstrate the relationship between multiple places in geographic space. They're useful because you can look at one and very quickly pick up on the general ...

User comments : 0