NIST Publishes Cryptographic Key Generation Guide

SP 800-133 Cites Documents Containing Key Generation Specs
NIST Publishes Cryptographic Key Generation Guide

The National Institute of Standards and Technology has published new guidance on generating cryptographic keys to help organizations protect their data with secure keys no matter the type of algorithm they choose.

See Also: How to Take the Complexity Out of Cybersecurity

NIST Special Publication 800-133, Recommendation for Cryptographic Key Generation, offers guidance on generating the cryptographic keys that are needed to employ algorithms that provide confidentiality and integrity protection for data.

Protecting sensitive data requires different types of cryptographic algorithms, depending on the situation, but ultimately they all depend on keys, the cryptographic equivalent of a password. Even if adversaries know which algorithm an organization employs, they cannot gain access to the data unless they also have the proper key. NIST says SP 800-133 will help organizations find the specific information on how to generate these keys successfully.

NIST says SP 800-133 is primarily a high-level document that refers readers to other documents that contain details on generating the various types of keys. But it offers specific details for one type of key generation: the keys used in symmetric-key algorithms, in which the same key is used, for example, to encrypt and decrypt data. Symmetric-key algorithms operate quickly, and the keys must be kept secret. Organizations use these algorithms to protect sensitive information, including other keys, for which the algorithm is iterated as many times as needed to protect the information.

When it doesn't provide specific guidance, such as for asymmetric-key algorithms, SP 800-133 references other guides that contain the key generation specifications.


About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 37 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.