ISO 11568-4:2007 pdf download – Banking -Key management (retail)一Part 4: Asymmetric crypto systems一Key management and life cycle.
4.2 Establishment and storage of symmetric keys
Keys of a symmetric cipher may be established by key transport or by key agreement. Mechanisms for key transport and key agreement are described in ISO/IEC 1 17703. The mechanisms used shall ensure me authenticity of the communicating parties.
Symmetric keys shall be stored as described in ISO 11568-2.
4.3 Storage and distribution of asymmetric public keys
The public key of an asymmetric key pair needs to be distributed to. and stored by, one or more users for subsequent use as an encipherment key andor signature verification key, or for use in a key agreement mechanism. Although this key need not be protected from disclosure, the distribution and storage procedures shall ensure that key authenticity and integrity is maintained as defined in 5.6.1.
Mechanisms for the distribution of asymmetric public keys are described in lSO’lEC 11770-3.
4.4 Storage and transfer of asymmetric private keys
The private key of an asymmetric key pair does not necessarily need to be d4stributed to any entity. In some cases it can be maintained only within me secure Cryptographic device (SCD) that generated it,
flit must be output fron, the SCD that generated it (e.g. for transfer to another SCD where it is to be used, or for backup purposes) it shall be protected from compromise by at least one of the following techniques:
— encipherment with another cryptographic key as defined in 5.2:
— if non-encrypted and outside an SCO, as key shares using an acceptable key segmentation algorithm see clause 6.3.2.3 and Bliography [8J):
outputting into another SCD, which either is the SCD where it is to be used, or is a secure key transfer device intended for this use: if the communications path is not fully secured, then the transfer shall ordy be permitted inside a secure environment.
The integrity of the private key shall be ensured using one 01 the techniques defined in 5.6.2.
5 Techniques for the provision of key management services
5.1 Introduction
Thes clause describes the tecsiniques that may be used, iidividually or in rornbi,iaL,on, to provide the Iwy management services introduced in ISO 11568-1. Some techniques provide multiple key management services.
Asymmetric key pairs should not be used for multiple purposes. However, it a key pair is used for multiple purposes. e.g. digital signatures and encipherment, then special key separation techniques shall be employed which ensure that the system is not open to attack by transformations using the key pair. The selected techniques shall be implemented in an SCO. The functionality of the cryptographic device shall ensure that the implementation of a technique is such that the intended purpose of the technique is achieved.
The characlerislics and management requirements for an SCO are defined in ISO 13491-1.
5.2 Key encipherment
5.2.1 General
Key encherment is a technique whereby one key is enciphered using another key. The resulting enciphered key may then exist securely outside of an SCD. A key used to perform such encipherment Is called a key encipherment key (KEK).
Two dittertng cases of key encipherment involving asymmetric keys and ciphers are described here:
a) encipherment of a symmetric key using an asymmetric cipher;
b) encipherment of an asymmetric key using a symmetric cipher.
5.2.2 EncIpherment of a symmetric key using an asymmetric cipher
Encipherment of a symmetric key using the public key of an asymmetric cipher is typically used for the distribution of that key using a non-secure channel. The enciphered key may be a working key, or may itself be a KEK. Thus, mixed key hierarchies. as described in Iso 11568-2. may be created which incorporate the keys of both symmetric and asymmetric ciphers.
The symmetric key shall be formatted into a data block appropriate to tne encipherment operation. As the block size of asymmetric ciphers tends to be larger than the key size of symmetric ciphers, it Is usually possible to include more Than one key in the data block for encipherment Additionally, formatting Information. random padding and redundancy characters shall be Incorporated In the data block (see lSOlEC 18033-2).
5.2.3 EncIpherment of an asymmetric key using a symmetric cipher Asymmetric keys may be enciphered using a symmetric cipher.
As the keys of asymmetric cryptosystenis tend to be larger than the block size of symmetric ciphers, the asymmetric key may be formatted into multiple data blocks for encipherment. Therefore, the cipher block chaining mode of operation (see ISO,IEC 10116) or an equivalent operation shall be used for encipherment.
Due consideration shall be paid to known attacks when assessing the equivalent strength of various cryptographic algorithms. Generally an algorithm can be said to provide a bits of strength where the best- known attack would take, on average, 2 1T to attack. where T is the amount of time that is required to perform one encryption of a plaintext value and comparison 01 the result against me corresponding ciphertext value.