Generally speaking, there are two types of key establishment techniques: 1) techniques based on asymmetric (public key) algorithms, and 2) techniques based on symmetric (secret key) algorithms. However, hybrid techniques are also commonly used, whereby public key techniques are used to establish symmetric (secret) key encryption keys, which are then used to establish other symmetric (secret) keys.
NIST recently announced a new Key Management Project. For more information see the Cryptographic Key Management Project homepage.
September 10, 2015: NIST requests comments on Draft Special Publication 800-57 Part 1-Rev. 4 Recommendation for Key Management: Part 1: General. This Recommendation provides general guidance and best practices for the management of cryptographic keying material. A list of changes is provided in Appendix D of the document.
Please send comments to email@example.com by October 31, 2015.
July 10, 2015: NIST requests comments on a revision of Special Publication (SP) 800-131A, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, which was originally published in January 2011. The most significant differences in this revision are 1) declaring the Dual_EC_DRBG as a disallowed method for random bit generation, 2) the deprecation of the non-approved key-agreement and key-transport schemes, and the non-approved key-wrapping methods through December 31, 2017, and the intent to disallow them thereafter, and 3) the inclusion of the SHA-3 hash functions specified in FIPS 202.
Please submit comments by August 14, 2015 to CryptoTransitions@nist.gov, with "SP 800-131A Comments" in the subject line.
January 23, 2015: Special Publication 800-57, Part 3, Revision 1, Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance, is intended primarily to help system administrators and system installers adequately secure applications based on product availability and organizational needs and to support organizational decisions about future procurements. This document also provides information for end users regarding application options left under their control in a normal use of the application.
This revision updates cryptographic requirements for the protocols and applications in the document so that the current required security strengths, as specified in SP 800-131A, can be achieved. This revision also adds security-related updates from the protocols addressed in the original version of the document, as well as a new section for Secure Shell (SSH).
The applications and protocols addressed in this revision are: Public Key Infrastructures (PKI), Internet Protocol Security (IPsec), Secure/Multipurpose Internet Mail Extensions (S/MIME), Kerberos, Over-the-Air Rekeying of Digital Radios (OTAR), Domain Name System Security Extensions (DNSSEC), Encrypted File Systems (EFS) and Secure Shell (SSH).
December 18, 2014: NIST requests comments on DRAFT Special Publication (SP) 800-152, A Profile for U.S. Federal Cryptographic Key Management Systems. This Profile is based on NIST Special Publication (SP) 800-130, A Framework for Designing Cryptographic Key Management Systems, and has been prepared to assist Cryptographic Key Management System (CKMS) designers and implementers in selecting the features to be provided in their “products,” and to assist Federal organizations and their contractors when procuring, installing, configuring, operating, and using a Federal Cryptographic Key Management System (FCKMS). The public comment period ended February 18, 2015.
Note that these comments will be posted for public review. Note that this revision includes references to some of the security controls in SP 800-53. Comments on the accuracy of these references would be appreciated.
Comments received on SP 800-152 (by 2/18/15 deadline)
May 5, 2014: NIST would like to request comments on a Draft Revision of SP 800-57 Part 3, Recommendation for Key Management: Application-Specific Key Management Guidance.
This revision updates cryptographic requirements for the protocols and applications in the document so that the current required security strengths, as specified in SP 800-131A, can be achieved. This revision also adds security-related updates from the protocols addressed in the original version of the document, and a new section for Secure Shell (SSH).
Comments should be sent to SP80057Part3@nist.gov, with "Comments on SP 800-57, Part 3" in the subject line. Comments should be submitted by July 5th, 2014.
January 6, 2014: Please see December 18, 2014 entry (above) for latest version. NIST requests comments on NIST Special Publication (SP) 800-152, A Profile for U.S. Federal Cryptographic Key Management Systems. SP 800-152 contains requirements for the design, implementation, procurement, installation, configuration, management, operation, and use of a CKMS by U.S. Federal organizations. The Profile is based on NIST SP 800-130, A Framework for Designing Cryptographic Key Management Systems (CKMS). The public comment period ended March 5, 2014.
August 15, 2013: NIST announces the completion of NIST Special Publication (SP) 800-130, A Framework for Designing Cryptographic Key Management Systems. This publication contains a description of the topics to be considered and the documentation requirements to be addressed when designing a CKMS. The CKMS designer satisfies the requirements by selecting the policies, procedures, components (hardware, software, and firmware), and devices (groups of components) to be incorporated into the CKMS, and then specifying how these items are employed to meet the requirements of this Framework.
December 21, 2012: NIST announces the completion of NIST Special Publication (SP) 800-133, Recommendation for Cryptographic Key Generation. This Recommendation discusses the generation of the keys to be used with NIST-approved cryptographic algorithms. The keys are either generated using mathematical processing on the output of approved Random Bit Generators, or generated based upon keys that are generated in this fashion.
August 8, 2012: Please see December 18, 2014 entry (above) for latest version. NIST requests comments on draft NIST Special Publication 800-152, A Profile for U.S. Federal Cryptographic Key Management Systems (CKMS). This Profile will be based on the Special Publication 800-130, entitled “A Framework for Designing Cryptographic Key Management Systems.” The Framework covers topics that should be considered by a product or system designer when designing a CKMS and specifies requirements for the design and its documentation. The Profile, however, will cover not only a CKMS design, but also its procurement, installation, management, and operation throughout its lifetime. The public comment period ended October 10, 2012.
July 9, 2012: NIST announces the completion of Revision 3 of Special Publication (SP) 800-57, Part 1, Recommendation for Key Management, Part 1: General. This publication contains basic key management guidance, including the security services that may be provided and the key types that may be employed in using cryptographic mechanisms, the functions involved in key management, and the protections and handling required for cryptographic keys. This revision aligns the document with SP 800-131A, as well as providing a general update of the document.
January 13, 2011: New Draft - Please see July 10, 2015 entry above.
NIST announces the completion of Special Publication (SP) 800-131A, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths. This Recommendation provides the approach for transitioning from the use of one algorithm or key length to another, as initially addressed in Part 1 of SP 800-57. SP 800-131B, Transitions: Validation of Transitioning Cryptographic Algorithms and Key Lengths, is under development and will address the validation of cryptographic modules during the transition period.
SP 800-57 Part 2, Recommendation for Key Management - Part 2: Best Practices for Key Management Organizations provides guidance for system and application owners for use in identifying appropriate organizational key management infrastructures, establishing organizational key management policies, and specifying organizational key management practices. Public comments are available for Part 2 draft.
June 5, 2013: NIST announces the completion of SP 800-56A Revision 2: Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography. The revisions are made on the March 2007 version of this Recommendation. The major revisions are summarized in Appendix D.
March 12, 2014: NIST requests comments on the draft revision of Special Publication 800-56B, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography. SP 800-56B specifies key-establishment schemes based on the Rivest Shamir Adleman (RSA) algorithm. The revision is made on the August 2009 version. The main changes are listed in Appendix D.
Please submit comments to 56B2014revfirstname.lastname@example.org with "Comments on SP 800-56B (Revision)" in the subject line. The comment period closes on May 15, 2014.
The comment period for the draft revision of NIST SP 800-56B has been extended to May 30, 2014.
December 11, 2011: NIST announces the completion of NIST SP 800-56C, Recommendation for Key Derivation through Extraction-then-Expansion. This Recommendation specifies techniques for the derivation of keying material from a shared secret established during a key establishment scheme defined in NIST Special Publications 800-56A or 800-56B through an extraction-then-expansion procedure.
December 2012: NIST has published an ITL Bulletin that summarizes NIST SP 800-133: Recommendation for Cryptographic Key Generation.
A specification is available for Approved methods for key-wrapping using symmetric keys.
NIST welcomes the submission of comments on this project at any time. Comments on the Key Management Guideline should be addressed to GuidelineComments@nist.gov. Comments on the Key Establishment Schemes document should be addressed to email@example.com.
Comments on the previous draft of the Recommendation for Key Management - Part 1.
Testing is currently available for SP 800-56A. For more information see the Cryptographic Algorithm Validation Program (CAVP) homepage.
For information about works in progress in the Key Management area, see the Cryptographic Key Management Project homepage.