Key management

(BYOK)—refers to a cloud-computing security model to allow public-cloud customers to use their own encryption software and manage their own encryption keys. This security model is usually considered a marketing stunt, as critical keys are being handed over to third parties (cloud providers) and key owners are still left with the operational burden of generating, rotating and sharing their keys.
is found will decrease as the frequency of key change increases. Historically, symmetric keys have been used for long periods in situations in which key exchange was very difficult or only possible intermittently. Ideally, the symmetric key should change with each message or interaction, so that only that message will become readable if the key is learned (
, in contrast are two distinct keys that are mathematically linked. They are typically used together to communicate. Public key infrastructure (PKI), the implementation of public key cryptography, requires an organization to establish an infrastructure to create and manage public and private key pairs along with digital certificates.
The protocol allows for the creation of keys and their distribution among disparate software systems that need to utilize them. It covers the full key life cycle of both symmetric and asymmetric keys in a variety of formats, the wrapping of keys, provisioning schemes, and cryptographic operations as
The major issue is the length of time a key is to be used, and therefore the frequency of replacement. Because it increases any attacker's required effort, keys should be frequently changed. This also limits loss of information, as the number of stored encrypted messages which will become readable when a key
However distributed, keys must be stored securely to maintain communications security. Security is a big concern and hence there are various techniques in use to do so. Likely the most common is that an encryption application manages keys for the user and depends on an access password to control use
Another method of key exchange involves encapsulating one key within another. Typically a master key is generated and exchanged using some secure method. This method is usually cumbersome or expensive (breaking a master key into multiple parts and sending each with a trusted courier for example) and
communication so that if the message is sent once by the sender, it will be received by all the users. The main problem in multicast group communication is its security. In order to improve the security, various keys are given to the users. Using the keys, the users can encrypt their messages and
Many specific applications have developed their own key management systems with home-grown protocols. However, as systems become more interconnected, keys need to be shared between those different systems. To facilitate this, key management standards have evolved to define the protocols used to
Prior to any secured communication, users must set up the details of the cryptography. In some instances this may require exchanging identical keys (in the case of a symmetric key system). In others it may require possessing the other party's public key. While public keys can be openly exchanged
Private keys used with certificates must be kept secure or unauthorised individuals can intercept confidential communications or gain unauthorised access to critical systems. Failure to ensure proper segregation of duties means that admins who generate the encryption keys can use them to access
the card and card reader are both able to derive a common set of session keys based on the shared secret key and card-specific data (such as the card serial number). This method can also be used when keys must be related to each other (i.e., departmental keys are tied to divisional keys, and
The starting point in any certificate and private key management strategy is to create a comprehensive inventory of all certificates, their locations and responsible parties. This is not a trivial matter because certificates from a variety of sources are deployed in a variety of locations by
individual keys tied to departmental keys). However, tying keys to each other in this way increases the damage which may result from a security breach as attackers will learn something about more than one key. This reduces entropy, with regard to an attacker, for each key involved.
In terms of regulation, there are few that address key storage in depth. "Some contain minimal guidance like 'don’t store keys with encrypted data' or suggest that 'keys should be kept securely.'" The notable exceptions to that are PCI DSS 3.2.1, NIST 800-53 and NIST 800–57.
– the most visible form of compliance, which may include locked doors to secure system equipment and surveillance cameras. These safeguards can prevent unauthorized access to printed copies of key material and computer systems that run key management software.
in a sense that it involves aspects of social engineering such as system policy, user training, organizational and departmental interactions, and coordination between all of these elements, in contrast to pure mathematical practices that can be automated.
key exchange protocol was published in 1975, it has become possible to exchange a key over an insecure communications channel, which has substantially reduced the risk of key disclosure during distribution. It is possible, using something akin to a
for devices and applications. They may cover all aspects of security - from the secure generation of keys over the secure exchange of keys up to secure key handling and storage on the client. Thus, a KMS includes the backend functionality for
of the key. Likewise, in the case of smartphone keyless access platforms, they keep all identifying door information off mobile phones and servers and encrypt all data, where just like low-tech keys, users give codes only to those they trust.
A related method is to exchange a master key (sometimes termed a root key) and derive subsidiary keys as needed from that key and some other data (often referred to as diversification data). The most common use for this method is probably in
(their corresponding private key is kept secret), symmetric keys must be exchanged over a secure communication channel. Formerly, exchange of such a key was extremely troublesome, and was greatly eased by access to secure channels such as a
– protects the organization against the theft or unauthorized access of information. This is where the use of cryptographic keys comes in by encrypting data, which is then rendered useless to those who do not have the key to decrypt it.
– this involves assigning specific roles or privileges to personnel to access information on a strict need-to-know basis. Background checks should be performed on new employees along with periodic role changes to ensure security.
The security policy of a key management system provides the rules that are to be used to protect keys and metadata that the key management system supports. As defined by the National Institute of Standards and Technology
-based cryptosystems, such as those found in banking cards. The bank or credit network embeds their secret key into the card's secure key storage during card production at a secured production facility. Then at the
Key management compliance refers to the oversight, assurance, and capability of being able to demonstrate that keys are securely managed. This includes the following individual compliance domains:
Regulations and requirements, like PCI-DSS, demand stringent security and management of cryptographic keys and auditors are increasingly reviewing the management controls and processes in use.
not suitable for use on a larger scale. Once the master key has been securely exchanged, it can then be used to securely exchange subsequent keys with ease. This technique is usually termed
symmetric encryption key was a mixed type early in its use; the key was a combination of secretly distributed key schedules and a user chosen session key component for each message.
the keys involved are identical for both encrypting and decrypting a message. Keys must be chosen carefully, and distributed and stored securely. Asymmetric keys, also known as
send them secretly. IETF.org released RFC 4046, entitled Multicast Security (MSEC) Group Key Management Architecture, which discusses the challenges of group key management.
Cryptographic systems may use different types of keys, with some systems using more than one. These may include symmetric keys or asymmetric keys. In a
The protocol is backed by an extensive series of test cases, and interoperability testing is performed between compliant systems each year.
. Certificates that are not renewed and replaced before they expire can cause serious downtime and outages. Some other considerations:
StrongKey - open source, last updated on SourceForge in 2016. There is no more maintenance on this project according to its home page.
to provide authentication, and public keys to provide encryption. PKIs are used in World Wide Web traffic, commonly in the form of
, distribution, and replacement as well as the client functionality for injecting keys, storing and managing keys on devices.
algorithm is broken, organizations must be prepared to replace all of their certificates and keys in a matter of hours.
This protection covers the complete key life-cycle from the time the key becomes operational to its elimination.
283: 121: 20: 1833: 491:. The first version was released in 2010, and it has been further developed by an active technical committee. 487:
KMIP is an extensible key management protocol that has been developed by many organizations working within the
Governance: Defining policy-driven access control and protection for data. Governance includes compliance with
's code clerk was of this type, referring to a page in a statistical manual, though it was in fact a code. The
. This approach avoids even the necessity for using a key exchange protocol like Diffie-Hellman key exchange.
The advance of public key cryptography in the 1970s has made the exchange of keys less troublesome. Since the
exchange of symmetric keys would enable any interceptor to immediately learn the key, and any encrypted data.
, to include key indicators as clear text attached to an encrypted message. The encryption technique used by
Group key management means managing the keys in a group communication. Most of the group communications use
Successful key management is critical to the security of a cryptosystem. It is the more challenging side of
2314: 2276:
The IEEE Security in Storage Working Group (SISWG) that is creating the P1619.3 standard for Key Management
configurations. In order to verify the integrity of a key stored without compromising its actual value a
Once keys are inventoried, key management typically consists of three steps: exchange, storage and use.
Key management concerns keys at the user level, either between users or systems. This is in contrast to
Several challenges IT organizations face when trying to control and manage their encryption keys are:
2327: 932: 814: 808: 779: 2191:"NIST Special Publication 800 -130: A Framework for Designing Cryptographic Key Management Systems" 2175: 1639: 826: 303: 243: 110: 2297: 2290: 1479: 2346: 1812: 872: 867: 319: 315: 229: 114: 83: 79: 73: 1077: 796: 2351: 2274: 1458: 510:
Individual interoperability tests performed by each server/client vendor combination since 2012
423: 242:
compatible systems, a session key for a symmetric key algorithm is distributed encrypted by an
42: 1741: 1862: 1809:"Encryption Key Management | Encryption Key Management, Cloud Security, Data Protection" 917: 407: 162: 528: 56:, which typically refers to the internal handling of keys within the operation of a cipher. 822: 818: 753:, the policy shall establish and specify rules for this information that will protect its: 488: 161:
different individuals and teams - it's simply not possible to rely on a list from a single
1554: 286:
to issue keys without the key management system ever being in a position to see the keys.
(TPM), virtual HSMs, aka "Poor Man's Hardware Security Modules" (pmHSM), or non-volatile
EPKS - Echo Public Key Share, system to share encryption keys online in a p2p community.
The OASIS Key Management Interoperability Protocol (KMIP) Technical Committee
The OASIS Enterprise Key Management Infrastructure (EKMI) Technical Committee
A list of some 80 products that conform to the KMIP standard can be found on
(EKMS), is an integrated approach for generating, distributing and managing
Kmc-Subset137 - key management system implementing UNISIG Subset-137 for
Heterogeneity: Supporting multiple databases, applications and standards.
Security: Vulnerability of keys from outside hackers, malicious insiders.
- ANSI X9.24, Retail Financial Services Symmetric Key Management
manage and exchange cryptographic keys and related information.
Availability: Ensuring data accessibility for authorized users.
- two factor management with support for managing SSH keys.
can be achieved with respect to national and international
is a type of key management system that uses hierarchical
Scalability: Managing a large number of encryption keys.
2282: 1293:"Flexible and low-cost HSM based on non-volatile FPGAs" 2188: 1143: 1141: 799:
where customers have exclusive control of their keys.
Amazon Web Service (AWS) Key Management Service (KMS)
Recommendation for Key Management — Part 1: general,
- end-to-end open-source secret management platform.
Results of 2017 OASIS KMIP interoperability testing
Health Insurance Portability and Accountability Act
(destruction) and replacement of keys. It includes
P6R 1696:"P6R" 1586:(PDF) 1579:(PDF) 1319:S2CID 1274:S2CID 1229:S2CID 644:ERTMS 426:, or 314:) or 33:in a 2202:2016 2071:2015 1945:2024 1614:ISBN 1393:2018 1370:2016 1309:ISBN 1264:ISBN 1219:ISBN 1161:2015 1132:2024 1119:ISBN 996:ISBN 967:2016 893:KMIP 825:and 751:NIST 648:ETCS 345:e.g. 113:any 111:cite 2273:Q* 2244:45. 2225:doi 1301:doi 1256:doi 1211:doi 1111:doi 986:doi 910:'s 908:NSA 827:TLS 823:SSL 793:IBM 332:KCV 124:by 2343:: 2223:. 2219:. 2087:. 2061:. 1936:. 1612:. 1401:^ 1352:^ 1317:. 1307:. 1295:. 1272:. 1262:. 1250:. 1227:. 1217:. 1205:. 1180:. 1169:^ 1151:. 1140:^ 1117:. 1105:. 1080:. 1056:. 1032:. 994:, 947:^ 829:. 813:A 531:. 443:A 430:. 422:, 418:, 278:A 262:. 208:. 2237:. 2227:: 2204:. 2178:. 2164:. 2150:. 2111:. 2097:. 2073:. 2046:. 2021:. 1947:. 1922:. 1886:. 1872:. 1847:. 1822:. 1797:. 1772:. 1751:. 1730:. 1705:. 1684:. 1663:. 1642:. 1628:. 1595:. 1564:. 1539:. 1514:. 1489:. 1468:. 1433:. 1412:. 1395:. 1372:. 1346:. 1325:. 1303:: 1280:. 1258:: 1235:. 1213:: 1190:. 1163:. 1134:. 1113:: 1090:. 1066:. 1042:. 988:: 969:. 666:. 646:/ 151:) 145:( 140:) 136:( 132:. 118:. 23:.

Index

Key management (disambiguation)
cryptographic keys
cryptosystem
crypto-shredding
cryptographic protocol
key servers
key scheduling
cryptography
Cryptographic key types
symmetric key algorithm
public keys

certificate authority
encryption
Key exchange
diplomatic bag
Clear text
Diffie-Hellman
book code
Richard Sorge
German Army
Enigma
OpenPGP
asymmetric key algorithm

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.
