Key management for information security

  • The key classification
    • The primary key
    • The secondary key
    • Master key
  • Distribution methods with confidentiality and authentication
  • Key management of public key cryptosystems
  • Public key management organization assigns public keys
  • Public key certificate
  • How to Use certificates

The key classification

A key is classified into primary key, secondary key, and master key.

The primary key

  • A key used to encrypt and decrypt data
  • Primary communication key: used only once and has a short lifetime
  • Primary file key: has the same lifetime as the file it protects
  • The primary key must not be stored in clear text

The secondary key

  • Used to protect primary keys
  • Must not be stored in clear text

Master key

The top-level key in the key management scheme; it is used to protect the secondary keys. The lifetime of the master key is long.

Distribution methods with confidentiality and authentication

① A encrypts A’s identity together with a one-time random number N1 under B’s public key and sends the result to B;

② B decrypts to obtain N1, then sends N1 together with another random number N2 to A, encrypted with A’s public key;

③ A encrypts N2 with B’s public key and sends it to B.

④ User A selects a session key Ks, encrypts it first with user A’s private key and then with user B’s public key, and sends the result to user B. User B decrypts it with user B’s private key and then with user A’s public key to recover the session key Ks.

Key management of public key cryptosystems

  • There are essential differences between the key management of a public key cryptosystem and that of a symmetric cryptosystem.
  • The key of a symmetric cryptosystem is essentially a random number or random sequence, while a public key cryptosystem is essentially built on a one-way trapdoor function, which rests on a particular hard mathematical problem.

Public key management organization assigns public keys

The management organization can become a bottleneck in the system, and its public key directory is vulnerable to tampering by an adversary.

A public key certificate can be compared with a driver’s license.

Public key certificate

  • Users exchange public keys through public key certificates without contacting the public key management organization.

  • The public key certificate is created by the Certificate Authority (CA) for users.

  • The certificate is formed from the following components:

    T: time (timestamp); PK_A: A’s public key; ID_A: A’s identity; SK_CA: the CA’s private key

  • Timestamp T ensures the freshness of certificates and prevents replaying of old certificates.

How to Use certificates

  • “Client” -> “Server”: Hello
  • “Server” -> “Client” : Hello, I am the server, here is my digital certificate
  • “Client” -> “server” : Prove to me that you are the server, this is a random string
  • “Server” -> “Client” : This is a signature to a random string

After verifying the identity of the “server”, the “client” chooses a symmetric encryption algorithm and generates a key for encrypting and decrypting the subsequent communication. The “client” encrypts the symmetric algorithm and key with the “server’s” public key and sends them to the “server”. Interception by others is useless, because only the “server” holds the private key that can decrypt them. In this way, both the “server” and the “client” can use the symmetric algorithm to encrypt and decrypt the communication content.
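The certificate format and the challenge-response exchange above, as an added example that is not part of the original notes: it uses toy textbook RSA over small constructed Mersenne primes, assumes the certificate is the CA’s signature over (T, ID_A, PK_A), and has the client reject a stale or tampered certificate before accepting the server’s signature on a random string. All function and key names are hypothetical.

```python
import hashlib
import json
import secrets
E = 65537  # public exponent shared by all demo keys

def keypair(p, q):
    """Textbook RSA key pair from two primes (demo only: no padding, no size checks)."""
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)   # (public, private)

def _digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(sk, msg):
    d, n = sk
    return pow(_digest(msg, n), d, n)

def verify(pk, msg, sig):
    e, n = pk
    return pow(sig, e, n) == _digest(msg, n)

def issue_cert(sk_ca, ident, pk, t):
    """Certificate = CA signature over (T, ID_A, PK_A); T is the issue time."""
    body = json.dumps({"T": t, "ID": ident, "PK": list(pk)}, sort_keys=True).encode()
    return {"body": body, "sig": sign(sk_ca, body)}

def verify_cert(pk_ca, cert, now, max_age):
    """Return the certified public key, or None if the CA signature fails or
    T is older than max_age (a replayed stale certificate)."""
    if not verify(pk_ca, cert["body"], cert["sig"]):
        return None
    fields = json.loads(cert["body"])
    if not 0 <= now - fields["T"] <= max_age:
        return None
    return tuple(fields["PK"])

def client_verify_server(pk_ca, cert, server_sign, now, max_age=3600):
    """Client side of the exchange: check the certificate, then make the server
    prove it holds the matching private key by signing a fresh random string."""
    pk_server = verify_cert(pk_ca, cert, now, max_age)
    if pk_server is None:
        return "cert-rejected"
    challenge = secrets.token_bytes(16)          # "Client" -> "Server": random string
    sig = server_sign(challenge)                 # "Server" -> "Client": its signature
    return "ok" if verify(pk_server, challenge, sig) else "server-rejected"

# Constructed demo primes (Mersenne primes), far too small for real use.
PK_CA, SK_CA = keypair(2**31 - 1, 2**61 - 1)
PK_S, SK_S = keypair(2**89 - 1, 2**107 - 1)
CERT_S = issue_cert(SK_CA, "server.example", PK_S, t=1_700_000_000)
```

A server that cannot sign with the private key matching the certified public key, or a certificate whose timestamp is past max_age, is rejected before any session key is sent.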