Recommendation for Cryptographic Key Generation

Date Published: April 17, 2026
Comments Due: June 16, 2026
Email Comments to: [email protected]

Author(s)

Quynh Dang (NIST), Dustin Moody (NIST), Andrew Regenscheid (NIST), Hamilton Silberg (NIST)

Announcement

This document describes the generation of keys to be managed and used by approved cryptographic algorithms. 

Proposed changes in this revision include the following:

• Asymmetric key-pair generation has been expanded to include methods for deriving randomness during key-pair generation.
• Key-pair generation now has options for derivation similar to symmetric keys and new methods for “seed expansion,” which allows for the limited use of SHAKE and deterministic random bit generators (DRBGs).
• Key-encapsulation mechanisms (KEMs) are discussed as a key-establishment option for symmetric key generation, and post-quantum cryptography (PQC) references have been added throughout (e.g., the new PQC signatures).
• Text has been reworded to address random number generation in alignment with SP 800-90C.

Comments are especially requested regarding:

• Hardware security module (HSM) design — How do these requirements align with common practice and existing systems using a root seed/secret value?
• PQC implementations and protocol — How do these requirements fit with storing keys as seeds (e.g., for ML-KEM) and performing hybrid (i.e., combined classical and post-quantum) implementations?

Control Families

None selected