kategori Shtëpia |
Encryption Key Management (Encryption Key Management. The types of keys for encryption
In this article, learn about the management of encryption keys (Encryption key), as well as what needs to be done to effectively store the keys for your encrypted data. The information in this article can be very useful. After reading it, you will obviously need to manage encryption keys correctly, to avoid disaster.
Encryption brief introduction
People always want to talk with a group of trust in a confidential manner. During the war, the encryption used for the transmission and storage of information is very important to win the war. Today`s organizations are connected to the Internet, using it as a media organization can communicate and interact with customers, suppliers and its own employees. Maintaining the confidentiality of these interactions, as well as preserving the confidentiality of data is a very important point, so many organizations have begun to install a powerful physical devices as a content encryption device and data, to ensure the security of data and interactions.
Encryption - it is a way to preserve the confidentiality of data, as well as the concealment of unauthorized users. Typically, the code is used; the code can be written in the form of the castle, the encryption process - a lock, and the process of decryption - unlocking. What was readable data, after encryption becomes unreadable without the correct key.
But why the key is so important? Let`s reflect on this issue logically. Do you have a safety deposit box. In the safe you have stored valuables. You need a key to open the safe. If you lose the key to the safe, you will need a lot of time to get to your valuables. In turn, this will cause a denial of service. Now we need to ask ourselves a few questions. Where should we hold the key? Will this be the key to keep on top of the safe? If an attacker gets into the room where the safe is, it is sure to find the key and gain access to your valuable things. Even if you put the key in the same room as the safe, it can lead to the fact that an unauthorized person will find the key.
Obviously, the need to unlock the locks; commonly used encryption keys for decrypting the encrypted data. It is clear that if these will be found and copied, or destroyed, or lost, you will have problems in accessing that protects these keys. Have you ever lost your car keys? Not a very good feeling .... If you have a spare set of keys, you can use them, but you will continue to torment the question, who found your keys, and what he can do with them.
Here are the different types of keys, which are described in the documentation on the life cycle of keys (Key lifecycle documentation).
- Long term Data Encrypting Keys
- Transport Private Keys (private keys are transmitted)
- Static Key Agreement Private Keys ()
- Digital Signatures (digital signatures)
- Secret Authentication Keys (a secret key for authentication)
- Static Key Agreement Public Keys
- Domain Parameters (Domain settings)
- Public Authorization Keys (public keys for authentication)
- Initialization Vectors (initialization vectors)
- Seeds (initial number)
- Shared Secrets (shared secrets)
- Encrypted Keys (encryption keys)
- Master Keys Used to Derive (master keys used for)
- Public Keys Used to Verify (the public key used for verification)
What is the solution?
It is very important to deal with the keys and carefully, if not better, as well as to the fact that they protect. If the encryption key protects your notebook, and he was lost, as a result you may lose all the data on your laptop. It would therefore be very good to store keys.
Good practice consists of 10 simple steps necessary to ensure that you will be able to securely access the data when you need to manage keys. Reference:NIST
Typically, you must back up
- Public authentication key (shared key authentication),
- Signature verification key (signature verification key),
- Key encrypting key used,
- Secret authentication key (a secret key for authentication),
- Key for key wrapping (key wrapping keys),
- Domain parameters (Domain settings)
- Long term data encryption (a long-term encryption),
There is no need to back up
- Ephemeral key agreement,
- Short term data encryption key (short-term data encryption),
- Private keys (private keys),
- Secret authorization key (secret key for authentication),
- RNG key (RNG key),
- Private authorization key (private key for authentication),
- Private authentication key (the private key for authentication),
- Public authorization key (the public keys for authentication),
- Signing key (key signatures),
- Intermediate results and key material (interim results).
- Key transport public key,
- ... Transfer backup keys trusted people. although this step may seem unnecessary, I can assure you that if something goes wrong, you want to have the other was a copy of the keys. Usually, backups are present in many organizations without any problems.
- ... Make sure that the backup is correct and that you have an effective plan for recovery. Note:As mentioned in this article, storage of keys to decrypt the encrypted data with a very bad practice. Therefore, you must store the keys on the tapes that contain encrypted archived data.
- ... Make sure that the key is not stored in a place where someone can make a copy of it or destroy it. logical access control is not sufficient, if an unauthorized user can change the status of the machine on which the keys are stored remotely or physically, as a result will be impossible to decrypt the data.
- ... Make backups of your encryption keys. If the encryption key is changed, you must also make a backup copy of the modified key. It also includes the recovery of keys, which are used for your archival data. If you ever need to recover data, you will need to decrypt the data. Many organizations have been victims of a wrong key management.
- ... Make sure that the keys are physically stored in a safe place, and that only authorized users can gain access to the keys. Controlling physical access is very important, otherwise you will not be able to decrypt your data.
- ... Make sure that the key is used, and only released on the security system (secure system); Very often, it usually does not pay attention, which leads to disastrous results. Not all computer systems are safe, because of the different recording and spyware, so great care must be used keys.
- ... Make sure that the logical access to your encryption keys safe and accessible only to authorized users. Logical access to the keys plays an important role in the safety of your data. Storage on the local disks of encryption keys may be a compromise, especially if the computer or device is partially encrypted. Typically, the keys are stored out of reach in a safe place.
- ... Make sure you have a way to distribute keys, lock the old keys, as well as compromised keys, as well as the creation of new keys to decrypt the data. This process must be approached with the utmost care and security. Through the process of release of unprotected keys very often occurs a fake key.
- ... Ensure the security and integrity of the key generation process.
- ... Know that the data is encrypted using a key, so if you need to release a new key, you must first decrypt the data, then encrypt them using the new key, if your software does not do this automatically.
These ten rules will help you and your organization to effectively manage your keys used to protect the most sensitive data. In many cases, you can not decrypt the data because of errors of people who manage the keys, but who lack the experience to make the right decision.
Safety organization includes many fine moments. Therefore, it is important to properly manage the encryption keys. Otherwise, you or your organization may be in a sticky situation. In this article you will learn a lot of useful information on how to ensure the security of your organization and its encrypted data.