IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.46 Appropriate key management
Initiation responsibility: IT Security Management
Implementation responsibility: IT Security Management, IT Procedures
Officer
The use of cryptographic security mechanisms (such as encryption or digital
signatures) requires that suitable keys must be created, distributed and
installed using confidential and authenticated procedures, with integrity
ensured. Keys which have become known to unauthorised users, which have
been corrupted in the course of distribution or which perhaps even originate
from uncontrolled sources (this also applies to the agreement of keys between
communication partners) are just as capable of compromising a cryptographic
security mechanism as poor quality keys which have been generated in an
unsuitable way. Good quality keys are usually created using suitable key
generators (see below). Attention must be paid to the following points
regarding key management:
Key generation
Key generation should be performed in a secure environment using suitable
key generators. Cryptographic keys can either be generated directly at the
place where they are used (usually initiated by the user) or they can be
generated at a central location. When keys are generated locally, it usually has
to be accepted that the security of the environment will be less stringent,
whereas when keys are generated centrally it must be ensured that they reach
their users authentically and without being compromised.
Suitable key generators must produce controlled, statistically evenly
distributed random sequences, making use of the entire possible key space. To
do this, for example, a noise source generates random bit sequences, which are
post-processed with a logic unit. The quality of the keys obtained in this way
is then examined using a variety of test procedures.
Some crypto modules, especially those which do not have an integrated
random number generator, make use of user inputs for the generation of keys.
For example, these modules may ask for passwords from which a key is
subsequently derived, or the user is prompted to type in an arbitrary text in
order to obtain random starting values for generating a key. Passwords used in
such circumstances should be carefully chosen and as long as possible. If
users are requested to make entries that are as random as possible, they should
really be random, in other words difficult to predict.
Separation of keys
If possible, cryptographic keys should be employed for only one purpose. In
particular, it is important never to use the same keys both for encryption and
for the generation of signatures. This makes sense for a number of reasons:
- If one key is disclosed, only some procedures will be affected, not all of
them.
- It may sometimes be necessary to divulge encryption keys (when a deputy
or substitute is used).
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000