Data encryption is a process of converting digital data into non-interpretable information. Most advanced encryption algorithms require an encryption key to cipher and decipher digital data messages. Encryption key management is the process of managing the unique encryption keys of an organization. These keys are used in the encryption algorithm process. Typically a special key is created for each group of specific users of an application.
There are currently two types of data encryption key techniques in the science of cryptography. These are asymmetric and symmetric keys. An asymmetric encryption key algorithm requires two keys, whereas a symmetric key algorithm only requires one key. Both of these forms of encryption key management are used to today for encrypting and decrypting messages.
Asymmetric encryption is used by many advanced encryption algorithms. This approach requires two unique keys for message interpretation. The first key is used to encrypt a message, which is commonly referred to as a private key. A secondary key, known as a public key, is shared with message consumers. It is used as the key for deciphering the message. Both the private key and public key have special unique values that enable the creation of special codes to interpret encrypted messages.
Symmetric key encryption only uses one key. This single key is used for both ciphering and deciphering messages. Most encryption algorithms that use symmetric keys also include complex math functions as a form of deterrent. This is because a single key can more easily be obtained by would-be intruders.
Encryption key management is one of the most difficult processes within data security. This is because it typically relies on people and business policies to be successful. An encryption key is similar to the key to a safe. Once this key is shared or lost it can be used for malicious purposes.
The National Institute of Standards and Technology (NIST) is the governing body in the United States that manages encryption algorithm standards. This group has created some best practice recommendations for encryption key management. These processes define the framework for the creation, management, and decommissioning of encryption keys within an organization.
One of the most important elements of effective key management is ensuring all keys expire. A non-expiring key can be used indefinitely with no authentication required. With typical attrition and employee turnover, this is a dangerous implementation. Most encryption keys expire on an annual basis. This provides an inherent security measure for encryption key management that will automatically disable keys on an annual basis.