U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

SP 800-133 Rev. 1 (Draft)

Recommendation for Cryptographic Key Generation

Date Published: March 2019
Comments Due: May 8, 2019 (public comment period is CLOSED)
Email Questions to: SP-800-133_Comments@nist.gov


Elaine Barker (NIST), Allen Roginsky (NIST)


The draft revision discusses the generation of keys to be managed and used by approved cryptographic algorithms. This revision adds the Edwards-curve Digital Signature Algorithm (EdDSA) to the original list of digital signature algorithms as well as KMAC as an algorithm for generating a Message Authentication Code (MAC). EdDSA will also be proposed as an additional signature algorithm in a forthcoming revision of Federal Information Processing Standard (FIPS) 186, Digital Signature Standard (DSS). KMAC is specified in SP 800-185, Recommendation for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters. Additional changes are listed in the final appendix of SP 800-133 Rev. 1.

NOTE: A call for patent claims is included on page iv of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.



asymmetric key; key agreement; key derivation; key generation; key wrapping; key replacement; key transport; private key; public key; symmetric key
Control Families

None selected


SP 800-133 Rev. 1 (Draft) (DOI)
Local Download

Supplemental Material:
None available

Document History:
03/06/19: SP 800-133 Rev. 1 (Draft)
07/23/19: SP 800-133 Rev. 1


Security and Privacy
key management