This article is intended as a primer on the classification of cryptographic keys used for securing digital applications.
Just as there are household keys for the car, front door, garage, etc., cryptographic keys can serve many different purposes. Understanding these keys necessitates a grasp of their classification, i.e. the different types of key and their properties and functions.
At its simplest level, a cryptographic key is just a random string consisting of hundreds or thousands of ones and zeroes (i.e. binary digits, or “bits”). However, keys are always created for a specific function, and the associated key meta-data defines the properties of the key.
The difference between symmetric and asymmetric keys
Firstly, and most importantly, there are two primary types of cryptographic keys: symmetric and asymmetric. The latter always come in mathematically-related pairs consisting of a private key and a public key. The security of cryptographic applications critically depends on symmetric keys and private keys always being kept secret, whilst public keys (as their name suggests) are not secret.
The difference between symmetric and asymmetric keys is best illustrated using the example of encrypting a message to protect its confidentiality. Symmetric key encryption algorithms use a single symmetric key for both encryption and decryption, whereas asymmetric key encryption algorithms (aka public key algorithms) use two different but related keys for encryption and decryption.
Symmetric algorithms have the advantage in that they are much faster than asymmetric algorithms, and can handle thousands of keys with very little computing overhead. However, the disadvantage is that a symmetric key must be kept secret, and yet has to be transmitted to the receiving end, which means there is a possibility of it being intercepted and used by an eavesdropper to illicitly decrypt the message.
In practice, this can be overcome using a key agreement protocol such as Diffie Hellman, but an alternative approach for short messages or low-bandwidth communication is to use an asymmetric algorithm. Here, the sender can encrypt the message with the intended recipient’s public key and the recipient can use their corresponding private key to decrypt it. Anyone intercepting the encrypted message will just see random data; only the intended recipient with the appropriate private key can decrypt the message. While the public key may be freely shared with anyone, the recipient must keep the private key secret.
Static vs ephemeral keys and crypto-period
Cryptographic keys may be either static (designed for long term usage) or ephemeral (designed to be used only for a single session or transaction). The crypto-period (i.e. lifetime) of static keys may vary from days to weeks, months or even years depending on what they are used for. In general, the more a key is used, the more susceptible it is to attack and the more data is at risk should it be revealed, so it is important to ensure keys are replaced when required (this process is called updating or cycling).
The length of a key must align with the algorithm that will use it, although most algorithms support a range of different key sizes. In general, the longer a key is, the better security it provides (assuming it is truly random).
With symmetric keys, the security they provide theoretically increases exponentially with their length (for any given algorithm) – adding one more bit doubles their resistance against brute-force attacks. This is not true of asymmetric keys, which generally need to be somewhat longer.
However, for any key (symmetric or asymmetric), its absolute strength also depends on the algorithm that the key is being used with – some algorithms are inherently stronger than others for any given key length.
Hence key length should be chosen based on a number factors such as:
The algorithm being used
The strength of security required
The amount of data being processed with the key
The crypto-period of the key
Common functions for cryptographic keys
Cryptographic keys are used for a number of different functions, such as those listed below. The properties of the associated key (e.g. type, length, crypto-period) will depend on its intended function.
Data Encryption Key
As previously discussed, data may be encrypted to protect its confidentiality using either a symmetric key or an asymmetric key. Typical symmetric algorithms include 3DES and AES with key lengths varying between 128 and 256 bits, and a typical asymmetric algorithm is RSA with a key length between 1,024 and 4,096 bits. Symmetric encryption keys may be ephemeral, or they may be static with a crypto-period commonly in the range of a day to a year, whereas asymmetric key-pairs typically have a longer lifetime of 1 to 5 years. Keys may have to be retained beyond their crypto-period, or even indefinitely, if the data is to be stored in encrypted form and subsequent access (i.e. decryption) is required at a later date.
Without getting into semantics, authentication is used to provide assurance about the integrity and/or originator of the associated data, and is often used alongside symmetric encryption. This is typically achieved with a fast and efficient keyed-hash message authentication code (HMAC) mechanism, which uses a symmetric key. Using the SHA-2 algorithm, the typical key length is between 224 and 512 bits, and may be ephemeral or static, but usually has a relatively short lifetime. Some encryption algorithms support modes (e.g. AES-GCM) that provide authentication without the need for a separate authentication key.
Digital Signature Key
As with authentication, digital signatures provide assurance about the integrity and originator of the associated data, but go one step further and also include the concept of non-repudiation, whereby the signatory cannot reasonably claim the signature was falsified. This requires an asymmetric algorithm such as RSA (key length 1,024 – 4,096 bits) or ECDSA (key length 224 – 521 bits). The private key lifetime is usually measured in years, but the corresponding public key has an indefinite lifetime, as it may be necessary to verify the signature at any arbitrary point in the future.
Key Encryption Key (aka Key Wrapping Key or Key Transport Key)
When a secret key has to be transported securely, it must be “wrapped” using an authenticated encryption mechanism to ensure its confidentiality, integrity and authenticity. Either symmetric or asymmetric encryption may be used, depending on the application. The key used for this encryption is a static, long-term key (it’s purpose being to support frequent updates to the key that is being transported), with its length depending on the algorithm being used.
A master key is a symmetric key that is used to encrypt multiple subordinate keys. Its length will typically be 128 – 256 bits, depending on the algorithm used, and it will have a very long life, possibly even indefinite. It must therefore be well protected, e.g. by using a hardware security module (HSM).
A root key is the topmost key in a Public Key Infrastructure (PKI) hierarchy, which is used to authenticate and sign digital certificates. It is actually an asymmetric key-pair with a length typically between 256 and 4,096 bits depending on the digital signature algorithm used. Such a key usually has a lifetime of several years, and the private key will often be protected using an HSM.
The importance of key management
Where cryptographic keys are used for protecting high-value data, they need to be well managed. Sophisticated key management systems are commonly used to ensure that keys are:
generated to the required length using a high-quality random data source
well protected (generally using an HSM)
managed only by authorized personnel in accordance with defined policies
used only for the functions they were intended for
updated according to their crypto-period
deleted when no longer required
fully auditable to provide evidence of correct (or incorrect) usage
Key management systems often define other properties that enable keys to be manipulated and controlled according to pre-defined policies. For example, keys will usually be assigned an ID or label for reference purposes; there may also be properties that reflect their owner, lifecycle state (e.g. active, expired, revoked, etc.), history (e.g. creation date), which applications are allowed to use them, whether import and export are allowed, and so on.
Cryptographic keys come in two fundamental types, symmetric and asymmetric, and have various properties such as length and crypto-period that depend on their intended function. However, regardless of their properties and intended functions, all keys should be properly managed throughout their life to avoid the risk of misuse (e.g. using a key for the wrong purpose or for two different purposes) or compromise.
References and further reading
NIST SP800-130: A Framework for Designing Cryptographic Key Management Systems (2013) by Elaine Barker, Miles Smid, Dennis Branstad, and Santosh Chokhani
NIST SP800-57 Part 1 Revision 4: A Recommendation for Key Management (2016) by Elaine Barker