How to manage encryption keys



Key management standards
The Federal Information Processing Standard (FIPS) 140-2 Level 3 requires that a system holding encryption keys be physically tamper-resistant (it must detect attempts to open it and respond, typically by zeroizing the keys), authenticate each operator individually rather than by shared role, keep an audit log of every access, and never let a key cross its boundary in the clear: keys entering or leaving the module must be encrypted or split between two custodians so that no single person or channel carries a whole key. But this may be excessive for many organizations. As with administrators who require strong passwords that change every two weeks, you may find that such stringent measures simply encourage everyone to write their passwords on sticky notes so they can remember them.

Requiring two people for every key operation, or rotating keys every few weeks, may be overkill depending on why you're encrypting data. Key length, on the other hand, is not where to economize: a 128-bit AES key costs nothing more to store or track than a 56-bit DES key, and 56-bit DES has been brute-forced in practice and was withdrawn by NIST in 2005. Using the same key for every encrypted tape will certainly make key management easier, but the problem with doing that, or with storing all of your keys in an Excel spreadsheet, is that one security lapse exposes every tape at once. Given that many administrators regard insiders as a bigger risk than outside attackers, it's usually better to opt for more secure key management: a separate key per tape, kept in the catalog only in wrapped (encrypted) form under a master key that never leaves the key management system, so that a copy of the catalog by itself is worthless.
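As an added example (not from the original article, and not nCipher's or any vendor's code), the per-tape key hierarchy argued for above, in Go: each cartridge gets its own random data-encryption key (DEK), which is stored in the catalog only after being wrapped under a key-encryption key (KEK) with AES-256-GCM from the standard library, with the tape label bound in as associated data. The tape labels, the catalog map, and the choice of AES-GCM as the wrapping primitive (a real key manager would more often use the AES Key Wrap of RFC 3394) are assumptions for the illustration; the KEK is generated in memory here only because there is no HSM in the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// WrappedKey is one catalog record: the per-tape data-encryption key (DEK)
// encrypted under the key-encryption key (KEK). This is what the backup
// catalog keeps instead of a spreadsheet of plaintext keys.
type WrappedKey struct {
	TapeID string // cartridge label, bound to the record as associated data
	Nonce  []byte // fresh per wrap; must never repeat under the same KEK
	Blob   []byte // AES-256-GCM ciphertext of the DEK plus its 16-byte tag
}

// NewKey returns a fresh random 256-bit key; used for the KEK and every DEK.
func NewKey() ([]byte, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return k, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WrapDEK encrypts dek under kek with AES-256-GCM. The tape ID is passed as
// associated data, so the record is tied to one cartridge and cannot be
// re-labelled for another tape without detection.
func WrapDEK(kek, dek []byte, tapeID string) (WrappedKey, error) {
	aead, err := newGCM(kek)
	if err != nil {
		return WrappedKey{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return WrappedKey{}, err
	}
	blob := aead.Seal(nil, nonce, dek, []byte(tapeID))
	return WrappedKey{TapeID: tapeID, Nonce: nonce, Blob: blob}, nil
}

// UnwrapDEK recovers the DEK from a catalog record. It fails if the record
// was altered, the tape ID was changed, or a different KEK is presented.
func UnwrapDEK(kek []byte, w WrappedKey) ([]byte, error) {
	aead, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	dek, err := aead.Open(nil, w.Nonce, w.Blob, []byte(w.TapeID))
	if err != nil {
		return nil, errors.New("unwrap failed: record tampered, wrong tape ID or wrong KEK")
	}
	return dek, nil
}

// LeaksDEK reports whether a catalog record exposes the DEK in clear.
// For a correctly wrapped record this is false: the catalog alone is useless
// to anyone who does not also hold the KEK.
func LeaksDEK(w WrappedKey, dek []byte) bool {
	return bytes.Contains(w.Blob, dek) || bytes.Contains(w.Nonce, dek)
}

func main() {
	kek, _ := NewKey() // in production this lives only inside the key manager or HSM
	catalog := map[string]WrappedKey{}
	deks := map[string][]byte{}
	for _, id := range []string{"TAPE-0001", "TAPE-0002"} { // constructed example labels
		dek, _ := NewKey()
		w, err := WrapDEK(kek, dek, id)
		if err != nil {
			panic(err)
		}
		catalog[id] = w
		deks[id] = dek
	}
	for id, w := range catalog {
		fmt.Printf("%s wrapped DEK: %s leaks plaintext key: %v\n",
			id, hex.EncodeToString(w.Blob), LeaksDEK(w, deks[id]))
	}
	// Someone who copies the catalog and re-labels a record gets an
	// authentication failure, not a key.
	swapped := catalog["TAPE-0001"]
	swapped.TapeID = "TAPE-0002"
	_, err := UnwrapDEK(kek, swapped)
	fmt.Println("re-labelled record:", err)
}
```

The property worth noticing is the blast radius: losing the catalog costs nothing, losing one DEK exposes one tape, and only the KEK (the one object the key management system actually has to guard) exposes everything.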

If you don't think you need the full capability of FIPS 140-2 Level 3, nCipher's keyAuthority provides and manages keys through other standard cryptographic interfaces, such as the Microsoft Cryptographic API (MS-CAPI), RSA Laboratories' PKCS #11, Java JCA/JCE providers and OpenSSL. These interfaces weren't designed specifically for storage encryption, but they can certainly be used to encrypt hard disk storage. Note that the interface doesn't determine how hard the result is to crack: that depends on the algorithm and key length you select and, above all, on where the keys themselves are kept.

This was first published in October 2006
