How do encryption keys work

The key can be activated upon its creation or set to be activated automatically or manually at a later time. The encryption key manager should track current and past instances or versions of the encryption key.

You need to be able to choose whether or not the key can be deleted, mirrored to a failover unit, and by which users or groups it can be accessed. The key manager should allow an activated key to be retrieved by authorized systems and users for encryption or decryption processes. It should also seamlessly manage current and past instances of the encryption key. For example, if a new key is generated and the old one deactivated or rolled every year, then the key manager should retain previous versions of the key but dispense only the current instance and activate previous versions for decryption processes.

Previous versions can still be retrieved in order to decrypt data encrypted with such versions of the key. The key manager will also roll the key either through a previously established schedule or allow an administrator to manually roll the key. An administrator should be able to use the key manager to revoke a key so that it is no longer used for encryption and decryption requests.

A revoked key can, if needed, be reactivated by an administrator so that, In certain cases the key can be used to decrypt data previously encrypted with it, like old backups. But even that can be restricted. NIST Section 8. If a key is no longer in use or if it has somehow been compromised, an administrator can choose to delete the key entirely from the key storage database of the encryption key manager. The key manager will remove it and all its instances, or just certain instances, completely and make the recovery of that key impossible other than through a restore from a backup image.

This should be available as an option if sensitive data is compromised in its encrypted state. If the key is deleted, the compromised data will be completely secure and unrecoverable since it would be impossible to recreate the encryption key for that data.

The practice of Separation of Duties reduces the potential for fraud or malfeasance by dividing related responsibilities for critical tasks between different individuals in an organization. It is common in the financial and accounting procedures of most organizations.

For example, the person who prints the checks at a company would not be the person who signs the checks. Similarly, the individual who signs checks would not reconcile the bank statements.

A company would ensure that business critical duties are categorized into four types of functions: authorization, custody, record keeping, and reconciliation. In a perfect system, no one person should handle more than one type of function. Regarding information security practices, the implementation of Separation of Duties is critical in the area of encryption key management. To prevent unwanted access to protected data, it is important that the person who manages encryption keys not have the ability to access protected data, and vice versa.

This is no more difficult to accomplish in an information technology context than in a financial context, but is often overlooked or misunderstood in complex computer systems.

Again, NIST, in Recommendation for Key Management — Part 2 , defines Dual Control: A process that uses two or more separate entities usually persons operating in concert to protect sensitive functions or information. No single entity is able to access or use the materials, e. While Separation of Duties involves distributing different parts of a process to different people, Dual Control requires that at least two or more individuals control a single process.

In data security practice it is common to find requirements for Dual Control of encryption key management functions. Because a key management system may be storing encryption keys for multiple applications and business entities, the protection of encryption keys is critically important. The concept of Split Knowledge applies to any access or handling of unprotected cryptographic material like encryption keys or passphrases used to create encryption keys, and requires that no one person know the complete value of an encryption key.

If passphrases are used to create encryption keys, no one person should know the entire passphrase. Rather, two or more people should each know only a part of the pass phrase, and all of them would have to be present to create or recreate an encryption key.

Now comes securing the cryptographic module itself. Every data security product available makes claims as to superior functionality or data protection. But when protecting sensitive data, organizations need to have assurance that a product's stated security claim is valid. This is certainly true when it comes to an encryption key manager. However, we should note that public key encryption uses symmetric encryption as well! Public key encryption actually just encrypts a symmetric key, which is then used to decrypt the actual message.

PGP is an example of a protocol that uses both symmetric cryptography and public key cryptography asymmetric. Functionally, using end-to-end encryption tools like PGP will make you very aware of public key cryptography practices.

Public key cryptography is based on the premise that there are two keys: one key for encrypting, and one key for decrypting. How it basically works is you can send a key over an insecure channel, like the Internet. This key is called the public key. You can post this public key everywhere, in very public places, and not compromise the security of your encrypted messages.

The public key and private key are generated together and tied together. Both rely on the same very large secret prime numbers. The private key is the representation of two very large secret prime numbers. Metaphorically, the public key is the product number: it is made up of the same two very large prime numbers used to make the private key.

This problem is known as prime factoring, and some implementations of public key cryptography take advantage of this difficulty for computers to solve what the component prime numbers are. Modern cryptography allows us to use randomly chosen, ridiculously gigantic prime numbers that are hard to guess for both humans and computers.

And, the strength here is that people can share their public keys over insecure channels to let them encrypt to each other! In the process, they never reveal what their private key secret prime numbers is, because they never have to send their private key for decrypting messages in the first place.

Another way you can think of it: The public key and private key are generated together, like a yin-yang symbol. They are intertwined. The public key is searchable and shareable. You can distribute it to whoever. You can put it on your personal website. You can give it out. The private key needs to be kept safe and close. You just have one.

Let's see how public key cryptography might work, still using the example of PGP. Pretty Good Privacy is mostly concerned with the minutiae of creating and using public and private keys.

If there's one thing you need to take away from this overview, it's this: Keep your private key stored somewhere safe and protect it with a long passphrase. Public key encryption is all about making sure the contents of a message are secret, genuine, and untampered with. But that's not the only privacy concern you might have.

In some countries you can face imprisonment simply for refusing to decode encrypted messages. Disguising that you are communicating with a particular person is more difficult. In the example of PGP, one way to do this is for both of you to use anonymous email accounts, and access them using Tor. If you do this, PGP will still be useful, both for keeping your email messages private from others, and proving to each other that the messages have not been tampered with.

Skip to main content. Enter your keywords. Then, when Alice receives the message, she takes the private key that is known only to her in order to decrypt the message from Bob. Although attackers might try to compromise the server and read the message, they will be unable to because they lack the private key to decrypt the message. Only Alice will be able to decrypt the message as she is the only one with the private key.

In asymmetric encryption, public keys can be shared with everyone in the system. Once the sender has the public key, he uses it to encrypt his message.

Each public key comes paired with a unique private key. Think of a private key as akin to the key to the front door of a business where only you have a copy. This defines one of the main differences between the two types of keys. The private key ensures only you can get through the front door. In the case of encrypted messages, you use this private key to decrypt messages. Together, these keys help to ensure the security of the exchanged data. A message encrypted with the public key cannot be decrypted without using the corresponding private key.

The public and private key are not really keys but rather are really large prime numbers that are mathematically related to one another. Being related in this case means that whatever is encrypted by the public key can only be decrypted by the related private key.

A person cannot guess the private key based on knowing the public key. Because of this, a public key can be freely shared.