Cryptography Reference
In-Depth Information
The formulation of key management policies, practices and procedures also
facilitates the auditing of key management, which is part of the wider process of
auditing security. This is because not only can the policies, practices and pro-
cedures themselves be scrutinised, but the effectiveness of their implementation
can then be tested.
10.7.2
Example procedure: key generation ceremony
We illustrate the potential complexities of key management governance by giving
an example of an important type of key management procedure that might be
required by a large organisation. This is that of a
key ceremony
, which can be used
to implement key generation from components (as discussed in Section 10.3.3).
Note that the key in question could be a top-level (master) symmetric key or
top-level (root) private key, which needs to be installed into an HSM. The key
might be:
• a new key being freshly generated;
• an existing key being re-established (from backed-up stored components).
The participants are:
Operation manager
: responsible for the physical aspects, including the venue,
hardware, software and any media on which components are stored or
transported;
Key manager
: responsible for making sure that the key ceremony is performed
in accordance with the relevant key management policies, practices and
procedures;
Key custodians
: the parties physically in possession of the key components,
responsible for handling them appropriately and following the key ceremony
as instructed;
Witnesses
: responsible for observing the key ceremony and providing independent
assurance that all other parties perform their roles in line with the appropriate
policies, practices and procedures (this might involve recording the key
ceremony).
The key ceremony itself involves several phases:
Initialisation
. The operation manager installs and configures the required
hardware and software, including the HSM, within a controlled environment.
This process might need to be recorded by witnesses.
Component retrieval
. The components required for the key ceremony, held by
the relevant key custodians, are transported to the key ceremony location.
These key custodians may be from different organisations (departments) and
may not be aware of each others' identities.
Key generation/establishment
. The key is installed onto the HSM under the
guidance of the key manager. This process will involve the various key
