Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Recommendation for Cryptographic Key Generation: NIST Publishes SP 800-133 Revision 1
July 23, 2019

Cryptography relies upon two basic components—an algorithm and a cryptographic key—to protect data in an information technology security environment. Such data is often sensitive, of high value, or vulnerable to unauthorized disclosure or undetected modification during transmission or while in storage. A wide variety of standards have therefore been developed to specify and approve cryptographic algorithms for use by the Federal Government.

NIST announces the publication of Special Publication (SP) 800-133 Revision 1, Recommendation for Cryptographic Key Generation, which discusses the generation of the keys to be managed and used by approved cryptographic algorithms. Guidance has been added regarding the handling of asymmetric key pairs after generation, as well as key-pair replacement or limiting the amount of information protected by a key pair in response to the compromise of a private key. This revision also includes clarifications and references to new publications not included in the original version, such as SP 800-71, Recommendation for Key Establishment Using Symmetric Block Ciphers, and the KMAC algorithm as specified in SP 800-185, SHA-3 Derived Functions. The final appendix contains a complete list of all changes and additions.


Security and Privacy: key management

Created July 25, 2019, Updated June 22, 2020