Cryptography Reference
In-Depth Information
defines the key usage. We will discuss public-key certificates in more detail
in Section 11.1.2.
It is important to realise that while distinguishing the purpose of a crypto-
graphic key is helpful, it does not
enforce
key separation. Enforcement of key
separation also requires procedural controls, which we discuss in Section 10.7.
KEY SEPARATION IN PRACTICE
At an intuitive level, the principle of key separation makes sense. Clearly, in
an ideal world, having separate keys for separate purposes keeps things simple.
However, the principle of key separation is precisely what it claims to be, namely,
a 'principle'. Enforcing it does not come without potential costs. For example,
enforcing it may mean that a key management system has more keys to manage
than it would have if the principle is not enforced. It thus may be tempting to use
keys for more than one purpose, just to reduce the number of keys that have to
be managed. Of course, if we decide to use a particular symmetric key for both
encryption and computing MACs then we could argue that the principle of key
separation is still enforced since the 'purpose' of the key is both encryption and
computing MACs! At least
thinking
about the principle of key separation has
made us recognise these different uses of the key.
One example of a pragmatic compromise between the principle of key separa-
tion and practical issues is key derivation, which we discussed in Section 10.3.2. In
this case a single
derivation key
might be stored and then used to derive separate
encryption and MAC keys. Technically the same key is being used twice, since
derivation is by means of a publicly known process, so the encryption and MAC
keys are not as 'different' as we would like in the ideal world. Pragmatically, we are
enforcing the principle of key separation by having two keys for the two different
cryptographic operations.
The examples in this section have illustrated the dangers of not following the
principle. The degree to which the principle of key separation is adhered to in a
real application naturally depends on the specific priorities of the application
environment. We will comment on key separation issues when we examine
applications in Chapter 12.
10.6.2
Key change
Most key management systems require the ability to change keys.
THE NEED FOR KEY CHANGE
The need for a change of key tends to arise in two different types of circumstance:
Planned key changes
. These will most likely occur at regular intervals. One
reason for a planned key change might be the end of the key lifetime (see
Section 10.2.1). Another reason might simply be to regularly practice key
