compromised, it might only be necessary to deem all signatures generated using
the key after the time of compromise to be invalid.
MECHANISMS FOR CHANGING KEYS
As mentioned above, key change requires:
• generation and establishment of a new key;
• withdrawing the old key (and potentially destroying or archiving it).
Any of the mechanisms for these operations discussed elsewhere in this chapter
could, in theory, be used to conduct these processes. Ideally, planned key changes
should happen automatically and require very little intervention. For example,
we saw in Section 10.4.2 that UKPT schemes automate planned key changes after
every transaction. More intervention may be required in the case of unplanned
key changes.
Obviously, high-level key changes are more complex to manage. For example,
if a storage master key in an HSM goes through a planned change then all keys
encrypted under the old storage master key will need to be decrypted, and then
re-encrypted using the new storage master key. In this case, since the storage
master key has not been compromised, there is no need to change all the keys that
were encrypted using it.
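The storage-master-key change just described, as an added worked example (this is not code from the book or from any HSM vendor): a small key store holds data keys only in wrapped form, and a master-key change generates and establishes a new master, decrypts every entry under the old master, re-encrypts it under the new one, and then withdraws the old master by zeroising it. In the planned case the data keys themselves are untouched, exactly as the text argues; the example goes one step further than the passage and also shows the unplanned case, where a compromised master forces the data keys under it to be regenerated. AES-256-GCM as the wrapping mechanism, the `KeyStore` and `WrappedKey` types and the entry name "db-encryption-key" are assumptions made here for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// WrappedKey is a data key held encrypted under the storage master key.
type WrappedKey struct{ Nonce, Ciphertext []byte }

// KeyStore models HSM storage: the current master key (versioned by MasterID)
// and the data keys it protects, which exist at rest only in wrapped form.
type KeyStore struct {
	MasterID  int
	MasterKey []byte
	Keys      map[string]WrappedKey
}

// randomBytes draws n bytes from the OS CSPRNG; a failure there is fatal.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Wrap encrypts dataKey under master with AES-256-GCM, binding the entry name
// as associated data so a wrapped key cannot be moved to another slot undetected.
func Wrap(master []byte, name string, dataKey []byte) (WrappedKey, error) {
	aead, err := newGCM(master)
	if err != nil {
		return WrappedKey{}, err
	}
	nonce := randomBytes(aead.NonceSize())
	return WrappedKey{nonce, aead.Seal(nil, nonce, dataKey, []byte(name))}, nil
}

// Unwrap recovers a data key; it fails unless master is the key that wrapped it.
func Unwrap(master []byte, name string, wk WrappedKey) ([]byte, error) {
	aead, err := newGCM(master)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, wk.Nonce, wk.Ciphertext, []byte(name))
}

// NewKeyStore generates the first storage master key (AES-256).
func NewKeyStore() *KeyStore {
	return &KeyStore{MasterID: 1, MasterKey: randomBytes(32), Keys: map[string]WrappedKey{}}
}

// AddKey generates a fresh data key, stores it wrapped under the current
// master and returns the plaintext key to the caller.
func (ks *KeyStore) AddKey(name string) ([]byte, error) {
	dk := randomBytes(32)
	wk, err := Wrap(ks.MasterKey, name, dk)
	if err != nil {
		return nil, err
	}
	ks.Keys[name] = wk
	return dk, nil
}

// ChangeMasterKey performs both steps of a key change: a new master key is
// generated and established, then the old one is withdrawn (zeroised). Every
// entry is decrypted under the old master and re-encrypted under the new one.
// A planned change (compromised=false) keeps the data keys, since the old
// master was never exposed; after a compromise each data key is regenerated.
func (ks *KeyStore) ChangeMasterKey(compromised bool) error {
	newMaster := randomBytes(32)
	rewrapped := make(map[string]WrappedKey, len(ks.Keys))
	for name, wk := range ks.Keys {
		dk, err := Unwrap(ks.MasterKey, name, wk)
		if err != nil {
			return err // an entry not under the current master: stop before committing anything
		}
		if compromised {
			dk = randomBytes(32)
		}
		nw, err := Wrap(newMaster, name, dk)
		if err != nil {
			return err
		}
		rewrapped[name] = nw
	}
	// Commit only once every entry is rewrapped, so a failure part-way leaves the old hierarchy intact.
	ks.Keys = rewrapped
	for i := range ks.MasterKey {
		ks.MasterKey[i] = 0 // withdraw the old master key by destroying it
	}
	ks.MasterKey, ks.MasterID = newMaster, ks.MasterID+1
	return nil
}
```

The all-or-nothing commit at the end is the part worth copying: the migration the text warns about is hardest when it is interrupted, and rewrapping into a separate map before swapping it in means an error never leaves the store with some entries under each master.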
Note that key changes are not always easy to facilitate. Indeed, the migration
process from one key to another can be particularly challenging and, where
possible, needs to be carefully planned for in order to make the transition as
smooth as possible.
CHANGING PUBLIC-KEY PAIRS
It is perhaps slightly surprising that key change is, in general, simpler to perform
for symmetric keys. This is 'surprising' because key change forces a new key
establishment operation, which is usually a more difficult process for symmetric
keys. There are two reasons why changing public-key pairs is normally more
challenging:
Knowledge of public keys. Since symmetric keys need to be carefully 'positioned'
in a network so that entities relying on them have the right keys, a key
management system tends to be fully 'in control' of where its symmetric
keys are located. This, at least in theory, makes withdrawing a symmetric
key straightforward. In contrast, the 'public' nature of a public key means that
a key management system may have little control over which entities have
knowledge of a public key. Indeed, in open environments such as the Internet,
a public key could be known by anyone.
Open application environments. Symmetric cryptography tends to be employed
in closed environments. Thus any key management system handling symmetric
keys should have mechanisms and controls in place for key establishment
that can be reused for key change. In contrast, public-key cryptography tends
to be used in open environments where this may be more challenging.