Introduce

Key Establishment Methods in FIPS 140-2

  • Random Number Generation
  • Key Establishment
  • Key Agreement
  • Key Transport (key encapsulation, key wrapping)
  • Key Generation
  • Key Entry/Output
  • Key Storage
  • Key Zeroization
  • Key Derivation (possibly, from other keys)


http://xml.coverpages.org/keyManagement.html

Key Management Standards and Specification Development Initiatives

  • ANSI X9 Financial Industry Standards
  • DMTF Security Modeling Working Group
  • GlobalPlatform Key Management System
  • IEEE P1619.3 Security in Storage Working Group (SISWG), Key Management
  • IEEE ICSG Privilege Management Protocols (PMP) Working Group
  • IETF Provisioning of Symmetric Keys (KEYPROV) Working Group
  • ISO/IEC 11770: Key Management
  • KeyGen2: Key Provisioning/Management Standards Proposal
  • National Institute of Standards and Technology (NIST)
  • OASIS Enterprise Key Management Infrastructure (EKMI) Technical Committee
  • OASIS Key Management Interoperability Protocol (KMIP) Technical Committee
  • Sun Crypto Key Management System (KMS)
  • Trusted Computing Group: Infrastructure Work Group and Key Management Services Subgroup
  • W3C XML Key Management (XKMS)


Related: FIPS 140

Tool

Keylength

https://www.keylength.com/

Keylength - Cryptographic Key Length Recommendation

KMIP4J

https://sourceforge.net/projects/kmip4j/

The Key Management Interoperability Protocol (KMIP) defines the communication between a Key Lifecycle Management System (KLMS) and its clients. Some companies have been working with proprietary implementations of KMIP in different programming languages for a while, but up until now, no open-source solution existed. KMIP4J is an open-source implementation of KMIP 1.0 in Java.

local-mini-kms

https://git.hatter.ink/hatter/local-mini-kms

Mini-KMS runs local written by Rust

RustyVault

https://github.com/Tongsuo-Project/RustyVault Github Repo Stars: Tongsuo-Project/RustyVault

RustyVault is a modern secret management system, written in Rust. RustyVault provides various features which support many scenarios including secure storage, cloud identity management, secret management, Kubernetes integration, PKI infrastructure, cryptographic computing, traditional key management, etc.

Vault

https://www.vaultproject.io/
https://developer.hashicorp.com/vault

Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API.

Reference

  1. http://icmc-2013.org/wp/wp-content/uploads/2013/09/Roginsky-The-Key-Management-Presentation-at-ICMC-the-9-06-2013-version.pdf
  2. https://www.owasp.org/index.php/Key_Management_Cheat_Sheet
  3. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf
  4. http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-57p2.pdf
  5. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf