More on Keys

The best source of information I have read on cryptographic keys was Cryptography for Dummies. Seriously. Let's start with the Key Encryption Key (KEK). This is a key used to wrap (encrypt) another key, which keeps the wrapped key itself secure.
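As an added illustration of wrapping a key under a KEK (not code from the original post or from the book it mentions), the Go example below uses AES-GCM as the wrapping cipher, which is an assumption since the post names no algorithm; Wrap, Unwrap and Rewrap are hypothetical names. Rewrap shows a KEK being replaced without re-encrypting anything the wrapped key protects.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// aead builds AES-GCM from a KEK; AES-GCM is this example's assumed wrapping cipher.
func aead(kek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kek) // KEK must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Wrap encrypts a data key under the KEK and returns nonce || ciphertext || tag.
func Wrap(kek, key []byte) ([]byte, error) {
	g, err := aead(kek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, key, nil), nil
}

// Unwrap recovers the data key; it fails on a wrong KEK or a modified blob.
func Unwrap(kek, blob []byte) ([]byte, error) {
	g, err := aead(kek)
	if err != nil || len(blob) < g.NonceSize() {
		return nil, fmt.Errorf("bad KEK size or wrapped key too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}

// Rewrap moves a wrapped key to a new KEK; data encrypted under the key is untouched.
func Rewrap(oldKEK, newKEK, blob []byte) ([]byte, error) {
	key, err := Unwrap(oldKEK, blob)
	if err != nil {
		return nil, err
	}
	return Wrap(newKEK, key)
}
func main() { fmt.Println(Wrap(make([]byte, 32), make([]byte, 32))) } // constructed all-zero demo keys
```

Only the wrapped blob is stored next to the data; the KEK stays somewhere better protected, so a leaked blob alone does not expose the key.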

Keys are not generic. They are specific to the algorithm that uses them. Keys are set up to be generated by a key server. This server distributes new keys when necessary. The downside to this approach is that if the server becomes compromised, the whole show is bust.

A key escrow is a way to store keys and/or passphrases in case the keys are lost. This allows them to be recovered in the future. You must supply the answers to some secret questions before the keys can be recovered from the escrow.

Next time I will go over some of the acronyms which usually stand for security protocols. Examples are TLS, SSH, SSML, and S/MIME.