A cryptographic key is:
- "[a] value used to control cryptographic operations, such as decryption, encryption, signature generation or signature verification."
- "[a] parameter used in conjunction with a cryptographic algorithm that determines the specific operation of that algorithm."
- "[a] parameter used in conjunction with a cryptographic algorithm that determines
- the transformation of plaintext data into ciphertext data,
- the transformation of ciphertext data into plaintext data,
- a digital signature computed from data,
- the verification of a digital signature computed from data,
- an authentication code computed from data, or
- an exchange agreement of a shared secret.
There are several types of cryptographic keys that may be used in a CKM system: symmetric keys (e.g., one key used for both encryption and decryption), asymmetric public keys (the public component of a public-private key pair), and asymmetric private keys (the private component of a public-private key pair).
Keys are further classified by their life-time: ephemeral keys, which have a short life-time and are usually used only once; and static or long-term keys, which have a longer lifetime and are usually used multiple times.
- ↑ NIST, Electronic Authentication Guideline (NIST Special Publication 800-63) (Apr. 2006) (full-text).
- ↑ NIST FIPS 201; NIST FIPS 198.
- ↑ NIST, FIPS 140-2.