AS 2805.6.1.4:2009 - Electronic funds transfer—Requirements for interfaces Part 6.1.4: Key management—Asymmetric crypto systems-Key management and life cycle

AS 2805.6.1.4:2009 – Electronic funds transfer—Requirements for interfaces Part 6.1.4: Key management—Asymmetric crypto systems-Key management and life cycle.
4.2 Establishment and storage of symmetric keys
Keys of a symmetric cipher may be established by key transport or by key agreement. Mechanisms for key transport and key agreement are descnbed in ISO/IEC 11770-3. The mechanisms used shall ensure the authenticity of the communicating parties,
Symmetric keys shall be stored as descflbed in ISO 11568-2.
4.3 Storage and distribution of asymmetric public keys
The public key of an asymmetric key pair needs to be distributed to. and stored by. one or more users for subsequent use as an encipherment key and/or signature verification key, or for use in a key agreement mechanism. Although this key need not be protected from disclosure, the distribution and storage procedures shall ensure that key authenticity and integrity is maintained as defined in 5.6.1.
Mechanisms for the distribution of asymmetric public keys are described in ISO/IEC 11770-3.
4.4 Storage and transfer of asymmetric private keys
The private key of an asymmetflc key pair does not necessarily need to be distributed to any entity. In some cases it can be maintained only within the secure cryptographic device (SCD) that generated it.
If it must be output from the SCD that generated it (e.g., for transfer to another SCD where 4 is to be used. or for backup purposes) it shall be protected from compromise by at least one of the following techniques
— encipherment with another cryptographic key as defined in 5.2;
— if non-encrypted and outside an SCD. as key shares using an acceptable key segmentation algorithm (see clause 63.2.3 and bibliography [8]);
— outputting into another SCD, which either is the SCD where it is to be used, or is a secure key transfer device intended for this use; if the communications path is not fLily secured, then the transfer shall only be permitted inside a secure environment
The integrity of the pnvate key shall be ensured using one of the techniques de(ied in 5.6.2.
5 Techniques for the provision of key management services
5.1 Introduction
This clause describes the techniques that may be used, individually or in combination, to provide the key management services introduced in ISO 11568-1. Some techniques provide multiple key management services.
Asymmetric key pairs should not be used for multiple purposes. However, if a key par is used for multiple purposes, e.g. digital signatures and encipherment, then special key separation techniques shall be employed which ensure that the system Is not open to attack by transformations using the key pair. The selected techniques shall be implemented in an SCD. The functionality of the cryptographic device shall ensure that the implementation of a technique is such that the intended purpose of the technique is achieved.
The characteristics and management requirements for an SCD are defined in ISO 13491-1.
5.2 Key encipherment
5.2.1 General
Key encipherment Is a technique whereby one key Is enciphered using another key. The resulting enciphered key may then exist securely outside of an SCD. A key used to perform such encipherment is called a key encipherment key (KEK).
Two differing cases of key encipherment Invoiving asymmetric keys and ciphers are described here:
a) encipherment of a symmetric key using an asymrnebic cipher
b) encipherment of an asymmetric key using a symmetric cipher
5.2.2 Encipherment of a symmetric key using an asymmetric cipher
Encipherment of a symmetric key using the public key of an asymmetric cipher is typically used for the distribution of that key using a non-secure channel. The enciphered key may be a working key, or may itself be a KEK Thus, mixed key hierarchies, as descnbed in ISO 11568-2. may be created which incorporate the keys of both symmetric and asymmetric ciphers.
The symmetric key shall be formatted into a data block appropriate to the encipherment operation. As me block size of asymmetric ciphers tends to be larger than tI’ie key size of symmetric ciphers. It Is usually possible to Include more than one key In the data block for encipherment. Additionally. formattIng information. random padding arid redundancy characters shall be incorporated In the data block (see ISOIIEC 18033-2).
5.2.3 Encipherment of an asymmetric key using a symmetric cipher
Asymmetric keys may be enciphered using a symmetric clpher
As the keys of asymmetric cryptosystems tend to be larger than the block size of symmetric ciphers, the asymmetric key may be formatted into multiple data blocks for encipherment. Therefore, the cipher block chaining mode of operation (see ISOIIEC 10116) or an equivalent operation shall be used for encipherment
Due consideration shall be paid to known attacks when assessing the equivalent strength of various cryptographic algorithms. Generally an algorithm can be said to provide s bits of strength where the best- known attack would take, on average. 2 1T to attack, where T is the amount of time that is required to perform one encryption of a plaintext value and comparison of the result against the correspondwig ciphertext value.