|
1.
|
Clear description of the referenced document:
|
|
|
|
|
2.
|
Status of approval:
|
|
|
Approved in May 2020
|
|
3.
|
Justification for the specific reference:
|
|
|
Recommendation for cryptographic keys lifecycle management
|
|
4.
|
Current information, if any, about IPR issues:
|
|
|
Some information may be available in the NIST Patents Database that can be accessed through http://patapsco.nist.gov/ts/220/sharedpatent/index.cfm
|
|
5.
|
Other useful information describing the "Quality" of the document:
|
|
|
This NIST document has been produced by Computer Security Division's (CSD) Security Technology Group of NIST has a subgroup that deals specifically with Cryptographic Technology Standards and Guidance (CTSG). CTSG is involved in the development, maintenance, and promotion of a number of standards and guidance that cover a wide range of cryptographic technology.
NIST held a public workshop in the fall of 2000, and a second public workshop in the summer of 2001 that both provided input into this particular document.
Currently, there are five confidentiality modes of operation that can be used with NIST's current encryption algorithms. NIST is considering developing a variety of symmetric key block cipher modes of operation for use with any current and future approved block cipher algorithms.
NIST has long term technical experience in dealing with cryptographic matters. The document has been publicly and internally reviewed before publication.
|
|
6.
|
The degree of stability or maturity of the document:
|
|
|
|
|
7.
|
Relationship with other existing or emerging documents:
|
|
|
NIST is actively involved in standardization of cryptographic techniques. The crypto tools are of wide general applicability (see e.g. DES, AES, modes of operation and guidelines). NIST continues its research and standardization in the area of modes of operation. Special Publication 800-38B will specify an authentication mode and draft Special Publication 800-38C will specify the CCM mode of the AES algorithm. NIST also expects to publish a new edition of SP 800-38A in which the domain of the CBC mode is extended (to include plaintexts whose bit lengths are not a multiple of the block size); all of the technical material that is specified in the 2001 edition is expected to remain valid. NIST continues to accept modes proposals.
|
|
8.
|
Any explicit references within that referenced document should also be listed:
|
|
|
ANSX9.31 Accredited Standards Committee X9 (1998) ANSI X9.31-1998 – Digital/
Signatures Using Reversible Public Key Cryptography for the Financial/
Services Industry (rDSA) (American National Standards Institute)/
[Withdrawn]./
DiCrescenzo Di Crescenzo G, Ferguson N, Impagliazzo R, Jakobsson M (1999) How to/
forget a secret. STACS 99: 16th Annual Symposium on Theoretical Aspects/
of Computer Science (Springer, Trier, Germany), pp 500-509./
https://doi.org/10.1007/3-540-49116-3_47/
FIPS140 National Institute of Standards and Technology (2002) Security/
Requirements for Cryptographic Modules. (U.S. Department of Commerce,/
Washington, D.C.), Federal Information Processing/
Standards Publication (FIPS) 140-2./
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf/
National Institute of Standards and Technology (2019) Security/
Requirements for Cryptographic Modules. (U.S. Department of Commerce,/
Washington, D.C.), Federal Information Processing/
Standards Publication (FIPS) 140-3./
https://doi.org/10.6028/NIST.FIPS.140-3/
FIPS180 National Institute of Standards and Technology (2015) Secure Hash/
Standard (SHS). (U.S. Department of Commerce, Washington, D.C.),/
Federal Information Processing Standards Publication (FIPS) 180-4./
https://doi.org/10.6028/NIST.FIPS.180-4/
FIPS186 National Institute of Standards and Technology (2013) Digital Signature/
Standard (DSS). (U.S. Department of Commerce, Washington, D.C.),/
Federal Information Processing Standards Publication (FIPS) 186-4./
https://doi.org/10.6028/NIST.FIPS.186-4/
National Institute of Standards and Technology (2013) Digital Signature/
Standard (DSS). (U.S. Department of Commerce, Washington, D.C.), Draft/
Federal Information Processing Standards Publication (FIPS) 186-5./
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft.pdf/
FIPS197 National Institute of Standards and Technology (2001) Advanced/
Encryption Standard (AES). (U.S. Department of Commerce, Washington,/
DC), Federal Information Processing Standards Publication (FIPS) 197./
https://doi.org/10.6028/NIST.FIPS.197/
FIPS198 National Institute of Standards and Technology (2008) The Keyed-Hash/
Message Authentication Code (HMAC). (U.S. Department of Commerce,/
Washington, DC), Federal Information Processing Standards Publication/
(FIPS) 198-1./
https://doi.org/10.6028/NIST.FIPS.198-1/
FIPS199 National Institute of Standards and Technology (2004) Standards for/
Security Categorization of Federal Information and Information Systems./
(U.S. Department of Commerce, Washington, D.C.), Federal Information/
Processing Standards Publication (FIPS) 199./
https://doi.org/10.6028/NIST.FIPS.199/
FIPS201 National Institute of Standards and Technology (2013) Personal Identity/
Verification (PIV) of Federal Employees and Contractors, (U.S./
Department of Commerce, Washington, D.C.), Federal Information/
Processing Standards Publication (FIPS) 201-2./
https://doi.org/10.6028/NIST.FIPS.201-2./
FIPS202 National Institute of Standards and Technology (2015) SHA-3 Standard:/
Permutation-Based Hash and Extendable-Output Functions. (U.S./
Department of Commerce, Washington, D.C.), Federal Information/
Processing Standards Publication (FIPS) 202./
https://doi.org/10.6028/NIST.FIPS.202/
FPKI-KRP Federal Public Key Infrastructure Policy Authority (2017) Federal Public/
Key Infrastructure Key Recovery Policy, version 1.0. Available at/
https://www.idmanagement.gov/wpcontent/uploads/sites/1171/uploads/fpki-krp-v1.0-10-6-2017.pdf/
IG 7.5 National Institute of Standards and Technology, Canadian Centre for Cyber/
Security (2003) Strength of Key Establishment Methods. Implementation/
Guidance for FIPS 140-2 and the Cryptographic Module Validation/
Program (CMVP). (National Institute of Standards and Technology,/
Gaithersburg, MD), Section 7.5 [Amended]. Available at/
https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validationprogram/documents/fips140-2/fips1402ig.pdf/
ITLBulletin Burr WE, Hash JS (2002) Techniques for System and Data Recovery./
(National Institute of Standards and Technology, Gaithersburg, MD), ITL/
Bulletin, April 2002. Available at/
https://csrc.nist.gov/publications/detail/itl-bulletin/2002/04/techniques-forsystem-and-data-recovery/final/
OMB11/01 Office of Management and Budget (2001) OMB Guidance to Federal/
Agencies on Data Availability and Encryption. (National Institute of/
Standards and Technology, Gaithersburg, MD), [November 26, 2001]./
Available at https://csrc.nist.gov/csrc/media/projects/block-ciphertechniques/documents/ombencryption-guidance.pdf/
RFC2560 Myers M, Ankney R, Malpani A, Galperin S, Adams C (1999) X.509/
Internet Public Key Infrastructure, Online Certificate Status Protocol –/
OCSP. (Internet Engineering Task Force (IETF) Network Working Group),/
IETF Request for Comments (RFC) 2560./
https://doi.org/10.17487/RFC2560/
RFC 3647 Chokhani S, Ford W, Sabett R, Merrill C, Wu S (2003) Internet X.509/
Public Key Infrastructure Certificate Policy and Certification Practices Framework (Internet Engineering Task Force (IETF) Network Working/
Group), IETF Request for Comments (RFC) 3647./
https://doi.org/10.17487/RFC3647/
RFC 8032 Josefsson S, Liusvaara I (2017) Edwards-Curve Digital Signature/
Algorithm (EdDSA). (Internet Research Task Force (IRTF)), IRTF Request/
for Comments (RFC) 8032./
https://doi.org/10.17487/RFC8032./
SP800-32 Kuhn DR, Hu VC, Polk WT, Chang S-jH (2001) Introduction to Public Key/
Technology and the Federal PKI Infrastructure. (National Institute of/
Standards and Technology, Gaithersburg, MD), NIST Special Publication/
(SP) 800-32./
https://doi.org/10.6028/NIST.SP.800-32/
SP800-37 Joint Task Force (2018) Risk Management Framework for Information/
Systems and Organizations: A System Life Cycle Approach for Security/
and Privacy. (National Institute of Standards and Technology,/
Gaithersburg, MD), NIST Special Publication (SP) 800-37, Rev. 2./
https://doi.org/10.6028/NIST.SP.800-37r2/
SP800-38 Recommendation for Block Cipher Modes of Operation (all parts)./
Available at/
https://csrc.nist.gov/projects/block-cipher-techniques/bcm/current-modes/
SP800-38A Dworkin MJ (2001) Recommendation for Block Cipher Modes of/
Operation: Methods and Techniques. (National Institute of Standards and/
Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-38A./
https://doi.org/10.6028/NIST.SP.800-38A/
SP800-38B Dworkin MJ (2005) Recommendation for Block Cipher Modes of/
Operation: the CMAC Mode for Authentication. (National Institute of/
Standards and Technology, Gaithersburg, MD), NIST Special Publication/
(SP) 800-38B, Includes updates as of October 6, 2016./
https://doi.org/10.6028/NIST.SP.800-38B/
SP800-38C Dworkin MJ (2004) Recommendation for Block Cipher Modes of/
Operation: the CCM Mode for Authentication and Confidentiality./
(National Institute of Standards and Technology, Gaithersburg, MD),/
NIST Special Publication (SP) 800-38C, Includes updates as of July 20,/
2007./
https://doi.org/10.6028/NIST.SP.800-38C/
SP800-38D Dworkin MJ (2007) Recommendation for Block Cipher Modes of/
Operation: Galois/Counter Mode (GCM) and GMAC. (National Institute of/
Standards and Technology, Gaithersburg, MD), NIST Special Publication/
(SP) 800-38D./
https://doi.org/10.6028/NIST.SP.800-38D/
SP800-38F Dworkin MJ (2012) Recommendation for Block Cipher Modes of/
Operation: Methods for Key Wrapping. (National Institute of Standards and/
Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-38F./
SP800-52 Polk T, McKay KA, Chokhani S (2019) Guidelines for the Selection,/
Configuration, and Use of Transport Layer Security (TLS)/
Implementations. (National Institute of Standards and Technology,/
Gaithersburg, MD), NIST Special Publication (SP) 800-52, Rev. 2./
https://doi.org/10.6028/NIST.SP.800-52r2/
SP800-56A Barker EB, Chen L, Roginsky A, Vassilev A, Davis R (2018)/
Recommendation for Pair-Wise Key-Establishment Schemes Using/
Discrete Logarithm Cryptography. (National Institute of Standards and/
Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-56A,/
Rev. 3./
https://doi.org/10.6028/NIST.SP.800-56Ar3/
SP800-56B Barker EB, Chen L, Roginsky A, Vassilev A, Davis R, Simon S (2019)/
Recommendation for Pair-Wise Key-Establishment Using Integer/
Factorization Cryptography. (National Institute of Standards and/
Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-56B,/
Rev. 2./
https://doi.org/10.6028/NIST.SP.800-56Br2/
SP800-56C Barker EB, Chen L, Davis R (2018) Recommendation for Key-Derivation/
Methods in Key-Establishment Schemes. (National Institute of Standards/
and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-/
56C, Rev. 1./
https://doi.org/10.6028/NIST.SP.800-56Cr1/
SP800-57, Part 2 Barker EB, Barker WC (2019) Recommendation for Key Management: Part/
2 – Best Practices for Key Management Organizations. (National Institute/
of Standards and Technology, Gaithersburg, MD), NIST Special/
Publication (SP) 800-57 Part 2, Rev. 1./
https://doi.org/10.6028/NIST.SP.800-57pt2r1/
SP 800-57, Part 3 Barker EB, Dang QH (2015) Recommendation for Key Management, Part/
3: Application-Specific Key Management Guidance. (National Institute of/
Standards and Technology, Gaithersburg, MD), NIST Special Publication/
(SP) 800-57 Part 3, Rev. 1./
https://doi.org/10.6028/NIST.SP.800-57pt3r1/
SP800-63 Grassi PA, Garcia ME, Fenton JL (2017) Digital Identity Guidelines./
(National Institute of Standards and Technology, Gaithersburg, MD), NIST/
Special Publication (SP) 800-63-3, Includes updates as of December 1,/
2017./
https://doi.org/10.6028/NIST.SP.800-63-3/
SP 800-63A Grassi PA, Fenton JL, Lefkovitz NB, Danker JM, Choong YY, Greene KK,/
Theofanos MF (2017) Digital Identity Guidelines: Enrollment and Identity/
Proofing. (National Institute of Standards and Technology, Gaithersburg,/
MD), NIST Special Publication (SP) 800-63A, Includes updates as of/
December 1, 2017./
NIST SP 800-57 PART 1 REV. 5 REC/
SP800-67 Barker EB, Mouha N (2017) Recommendation for the Triple Data/
Encryption Algorithm (TDEA) Block Cipher. (National Institute of/
Standards and Technology, Gaithersburg, MD), NIST Special Publication/
(SP) 800-67, Rev. 2./
https://doi.org/10.6028/NIST.SP.800-67r2/
SP 800-88 Kissel R, Regenscheid A, Scholl M, Stine K (2014) Guidelines for Media/
Sanitization. (National Institute of Standards and Technology,/
Gaithersburg, MD), NIST Special Publication (SP) 800-88, Rev. 1./
https://doi.org/10.6028/NIST.SP.800-88r1/
SP800-89 Barker EB (2006) Recommendation for Obtaining Assurances for Digital/
Signature Applications. (National Institute of Standards and Technology,/
Gaithersburg, MD), NIST Special Publication (SP) 800-89./
https://doi.org/10.6028/NIST.SP.800-89/
SP800-90 Joint reference to SP800-90A, SP800-90B, and SP800-90C./
SP800-90A Barker EB, Kelsey JM (2015) Recommendation for Random Number/
Generation Using Deterministic Random Bit Generators. (National/
Institute of Standards and Technology, Gaithersburg, MD), NIST Special/
Publication (SP) 800-90A, Rev. 1./
https://doi.org/10.6028/NIST.SP.800-90Ar1/
SP800-90B Sönmez Turan M, Barker EB, Kelsey JM, McKay KA, Baish ML, Boyle M/
(2018) Recommendation for the Entropy Sources Used for Random Bit/
Generation. (National Institute of Standards and Technology, Gaithersburg,/
MD), NIST Special Publication (SP) 800-90B./
https://doi.org/10.6028/NIST.SP.800-90B/
SP800-90C Barker EB, Kelsey JM (2016), Recommendation for Random Bit Generator/
(RBG) Constructions. (National Institute of Standards and Technology,/
Gaithersburg, MD), Second Draft NIST Special Publication (SP) 800-90C./
Available at https://csrc.nist.gov/publications/detail/sp/800-90c/draft/
SP800-107 Dang QH (2012) Recommendation for Applications Using Approved Hash/
Algorithms. (National Institute of Standards and Technology, Gaithersburg,/
MD), NIST Special Publication (SP) 800-107, Rev. 1./
https://doi.org/10.6028/NIST.SP.800-107r1/
SP800-108 Chen L (2009) Recommendation for Key Derivation Using Pseudorandom/
Functions (Revised). (National Institute of Standards and Technology,/
Gaithersburg, MD), NIST Special Publication (SP) 800-108, Revised./
https://doi.org/10.6028/NIST.SP.800-108/
SP800-130 Barker EB, Smid ME, Branstad DK, Chokhani S (2013) A Framework for/
Designing Cryptographic Key Management Systems. (National Institute of/
Standards and Technology, Gaithersburg, MD), NIST Special Publication/
(SP) 800-130./
https://doi.org/10.6028/NIST.SP.800-130/
SP800-131A Barker EB, Roginsky A (2019) Transitioning the Use of Cryptographic/
Algorithms and Key Lengths. (National Institute of Standards and/
Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-131A,/
Rev. 2./
https://doi.org/10.6028/NIST.SP.800-131Ar2/
SP800-132 Sönmez Turan M, Barker EB, Burr WE, Chen L (2010) Recommendation/
for Password-Based Key Derivation: Part 1: Storage Applications./
(National Institute of Standards and Technology, Gaithersburg, MD), NIST/
Special Publication (SP) 800-132./
https://doi.org/10.6028/NIST.SP.800-132/
SP800-133 Barker EB, Roginsky AL (2019) Recommendation for Cryptographic Key/
Generation. (National Institute of Standards and Technology, Gaithersburg,/
MD), NIST Special Publication (SP) 800-133, Rev. 1./
https://doi.org/10.6028/NIST.SP.800-133r1/
SP 800-135 Dang QH (2011) Recommendation for Existing Application-Specific Key/
Derivation Functions. (National Institute of Standards and Technology,/
Gaithersburg, MD), NIST Special Publication (SP) 800-135, Rev. 1./
https://doi.org/10.6028/NIST.SP.800-135r1/
SP800-152 Barker EB, Branstad DK, Smid ME (2015) A Profile for U.S. Federal/
Cryptographic Key Management Systems (CKMS). (National Institute of/
Standards and Technology, Gaithersburg, MD), NIST Special Publication/
(SP) 800-152./
https://doi.org/10.6028/NIST.SP.800-152/
SP 800-175B Barker EB (2020) Guideline for Using Cryptographic Standards in the/
Federal Government: Cryptographic Mechanisms. (National Institute of/
Standards and Technology, Gaithersburg, MD), NIST Special Publication/
(SP) 800-175B, Rev. 1./
https://doi.org/10.6028/NIST.SP.800-175Br1/
SP 800-185 Kelsey JM, Chang S-jH, Perlner RA (2016) SHA-3 Derived Functions:/
cSHAKE, KMAC, TupleHash, and ParallelHash. (National Institute of/
Standards and Technology, Gaithersburg, MD), NIST Special Publication/
(SP) 800-185./
https://doi.org/10.6028/NIST.SP.800-185
|
|
9.
|
Qualification of
NIST:
|
|
|
Qualification of NIST: NIST is recognized under the provisions of ITU-T Recommendation A.5. Qualifying information is on file in TSB.
|
|
10.
|
Other (for any supplementary information):
|
|
|
None
|
|
