Key Encryption Key
A key encryption key (KEK) is a cryptographic key that is used for encrypting other cryptographic keys.
The security of any use of cryptography depends on keeping the cryptographic keys secure. This follows Kerchoffs’ principle (see ) that when analyzing the strength of a cryptosystem, one should assume that the cryptographic algorithms are known to the attacker. This means that it is of utmost importance that cryptographic keys are managed securely when they are used and stored as well as when they are transmitted between parties sharing the keys. Such protection can be achieved by encrypting the keys under other cryptographic keys called key encryption keys. As a key encryption key can encrypt many other keys, proper handling of one key encryption key can be used to secure many other keys.
When a system or an...
- 1.Kerckhoffs A (Jan 1883) La cryptographie militaire. J Sci Mil IX:5–38. http://www.petitcolas.net/fabien/kerckhoffs/
- 2.FIPS140 (2001) Security requirements for cryptographic modules. FIPS 140-2. NIST, Gaithersburg, 25 May 2001Google Scholar
- 3.ISO/IEC 19790 Information technology – security techniques – security requirements for cryptographic modulesGoogle Scholar
- 4.ISO 11568-2 (2007) Banking – key management (retail) – symmetric ciphers, their key management and life cycleGoogle Scholar