Cryptography Reference
In-Depth Information
provision of assurance of purpose of keys, which we discussed in Section 10.1.3.
Keys are often unstructured bit strings, so there is no obvious way of distinguishing
the purpose of a key from its basic form. There are two main techniques that can
be used to enable the purpose of a key to be distinguished:
Encrypting a key using a specified variant key
. This is a hardware-enforced
method that we previously mentioned, which involves using specific higher-
level keys to encrypt keys for particular purposes. For example, in Figure 10.7
the HSM used the key
SMK
1 to encrypt PIN generation keys, and key
SMK
2
to encrypt MAC keys. The HSM can interpret the usage based on the key
encrypting key variant used. This technique can be applied to keys being
distributed, as well as keys being stored. This method can be used to enforce
any type of key separation (for example, the separation of the different MAC
keys required to support the example in Section 7.2.3).
Embedding the key in a larger data block
. This involves embedding the key
into a larger data object that also includes a statement on the key usage. Three
examples of this are:
Employing redundancy
. As discussed in Section 4.4, a DES key has an effective
length of 56 bits, but is usually a 64-bit value. Thus, there are 8 'spare'
bits that can be used for other purposes. The original DES standard
recommends that the spare bits be used to provide error detection in
the event that a DES key becomes corrupted. Since the standard did not
mandate this approach, the idea of
key tagging
was introduced. This allows
the eight spare bits to define the key usage. When a key is presented
in a command to an HSM, the tagging bits are checked by the HSM
to ensure that the key is a valid key for the command that it is being
used for.
Key blocks
. This is a formatted data string that allows a key to be represented
along with other data relating to the key. One example is the
ANSI TR-31
key block, which is depicted in Figure 10.8 and has the following fields:
• the
header
includes information that clarifies the purpose of the key;
• the
optional header
includes optional data such as the expiry date of the
key;
• the
key
is encrypted using a suitable key encrypting key;
• the
authenticator
is a MAC on the rest of the key block, which provides data
origin authentication (data integrity) of the key block data.
Public-key certificates
. These are types of key block used to provide assurance
of purpose for public keys. A public-key certificate often includes a field that
header
(clear)
optional header
(clear)
key (encrypted)
authenticator
(MAC)
Figure 10.8.
ANSI TR-31 key block
