Key Management: General
32 6. Other secret information: Secret information may be included in the seeding of an RBG or
in the establishment of keying material. 7. Intermediate Results: The intermediate results of cryptographic operations using secret
information must be protected. Intermediate results shall not be available for purposes other than as intended.
8. Key-control information: Information related to the keying material e.g., the identifier, purpose, or a counter must be protected to ensure that the associated keying material can
be correctly used. The key-control information is included in the metadata associated with the key see
Section 6.2.3.1 .
9. Random numbers or bits: The random numbers created by a random bit generator should
be protected when retained. When used directly as keying material or in its generation, the random bits shall be protected as discussed in
Section 6 .
10. Passwords: A password is used to acquire access to privileges and can be used as a credential in a source-authentication mechanism. A password can also be used to derive
cryptographic keys that are used to protect and access data in storage, as specified in [SP800-132]
. 11. Audit information: Audit information contains a record of key-management events.
5.2 Key Usage
In general, a single key shall be used for only one purpose e.g., encryption, integrity authentication, key wrapping, random bit generation, or digital signatures. There are several
reasons for this:
1. The use of the same key for two different cryptographic processes may weaken the security provided by one or both of the processes.
2. Limiting the use of a key limits the damage that could be done if the key is compromised.
3. Some uses of keys interfere with each other. For example, consider a key pair used for both key transport and digital signatures. In this case, the private key is used as both a
private key-transport key to decrypt the encrypted keys and as a private signature key to apply digital signatures. It may be necessary to retain the private key-transport key
beyond the cryptoperiod of the corresponding public key-transport key in order to decrypt the encrypted keys needed to access encrypted data. On the other hand, the
private signature key shall be destroyed at the expiration of its cryptoperiod to prevent its compromise see
Section 5.3.6 . In this example, the longevity requirements for the
private key-transport key and the private digital-signature key contradict each other. This principle does not preclude using a single key in cases where the same process can
provide multiple services. This is the case, for example, when a digital signature provides integrity authentication and source authentication using a single digital signature, or when a
single symmetric key can be used to encrypt and authenticate data in a single cryptographic operation e.g., using an authenticated-encryption operation, as opposed to separate encryption
and authentication operations. Also, refer to
Section 3.7 .
Key Management: General
33 This Recommendation permits the use of a private key-transport or key-agreement key to
generate a digital signature for the following special case: When requesting the initial certificate for a static key-establishment key, the
corresponding private key may be used to sign the certificate request. Also refer to Section
8.1.5.1.1.2 .
5.3 Cryptoperiods