Introduction
Key Establishment Methods in FIPS 140-2
- Random Number Generation
- Key Establishment
- Key Agreement
- Key Transport (key encapsulation, key wrapping)
- Key Generation
- Key Entry/Output
- Key Storage
- Key Zeroization
- Key Derivation (possibly, from other keys)
http://xml.coverpages.org/keyManagement.html
Key Management Standards and Specification Development Initiatives
- ANSI X9 Financial Industry Standards
- DMTF Security Modeling Working Group
- GlobalPlatform Key Management System
- IEEE P1619.3 Security in Storage Working Group (SISWG), Key Management
- IEEE ICSG Privilege Management Protocols (PMP) Working Group
- IETF Provisioning of Symmetric Keys (KEYPROV) Working Group
- ISO/IEC 11770: Key Management
- KeyGen2: Key Provisioning/Management Standards Proposal
- National Institute of Standards and Technology (NIST)
- OASIS Enterprise Key Management Infrastructure (EKMI) Technical Committee
- OASIS Key Management Interoperability Protocol (KMIP) Technical Committee
- Sun Crypto Key Management System (KMS)
- Trusted Computing Group: Infrastructure Work Group and Key Management Services Subgroup
- W3C XML Key Management (XKMS)
Related: FIPS 140
Tool
Keylength
Keylength - Cryptographic Key Length Recommendation
KMIP4J
https://sourceforge.net/projects/kmip4j/
The Key Management Interoperability Protocol (KMIP) defines the communication between a Key Lifecycle Management System (KLMS) and its clients. Some companies have been working with proprietary implementations of KMIP in different programming languages for a while, but up until now, no open-source solution existed. KMIP4J is an open-source implementation of KMIP 1.0 in Java.
local-mini-kms
https://git.hatter.ink/hatter/local-mini-kms
A mini KMS that runs locally, written in Rust.
RustyVault
https://github.com/Tongsuo-Project/RustyVault
RustyVault is a modern secret management system, written in Rust. RustyVault provides various features which support many scenarios including secure storage, cloud identity management, secret management, Kubernetes integration, PKI infrastructure, cryptographic computing, traditional key management, etc.
Vault
https://www.vaultproject.io/
https://developer.hashicorp.com/vault
Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.
Reference
- http://icmc-2013.org/wp/wp-content/uploads/2013/09/Roginsky-The-Key-Management-Presentation-at-ICMC-the-9-06-2013-version.pdf
- https://www.owasp.org/index.php/Key_Management_Cheat_Sheet
- http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf
- http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-57p2.pdf
- http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf