NIST Issues New Cryptographic GuidanceSP 800-38F Describes Methods to Protect Cryptographic Keys
The National Institute of Standards and Technology has issued new guidance entitled Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping, the sixth part of a series of recommendations regarding the modes of operation of block cipher.
Special Publication 800-38F describes methods for the protection of the confidentiality and integrity of cryptographic keys.
A block cipher consists of parameters of permutations on bit strings of a fixed length; the parameter that determines the permutation is a bit string called the key. A bit string is a finite, ordered sequence of bits.
According to NIST, the publication specifies two deterministic authenticated-encryption modes of operation of the Advanced Encryption Standard algorithm: the AES key wrap mode and the AES key wrap with padding mode. An analogue of the AES key wrap, called TKW, with the triple data encryption algorithm as the underlying block cipher, is also specified to support legacy applications.
NIST defines a key-wrap algorithm as a deterministic, symmetric-key authenticated-encryption algorithm that is intended for the protection of cryptographic keys. The key-wrap algorithm consists of two functions: authenticated encryption and authenticated decryption.
Key wrap, key wrap with padding and triple data encryption algorithm key wrap are designed to protect the confidentiality, authenticity and integrity of cryptographic keys. Each provides an option for protecting keys in a manner that is distinct from the methods that protect general data. NIST says segregating keys from general data can provide an extra layer of protection.
"Nevertheless," the guidance says, "there is no requirement to protect cryptographic keys with a distinct cryptographic method. Previously approved authenticated-encryption modes - as well as combinations of an approved encryption mode with an approved authentication method - are approved for the protection of cryptographic keys, in addition to general data."
NIST says a specification of the AES key wrap had been available since 2001 on the Computer Security Resource Center website; SP 800-38F officially approves this method. The AES key wrap with padding mode is a variant that provides a specific padding scheme in order to promote interoperability; this variant was originally specified in 2009 under the auspices of the Internet Engineering Task Force.