Cryptographic Key Management


While the goal of the Encrypted Web is to show developers the simple REST APIs that make it easy to integrate cryptographic security into apps, it’s also important to describe the details and complexity involved with cryptographic key management systems.

1. Control

Exclusive Control of Keys

The first tenet of cryptography is that the keys must be under the exclusive control of a single owner/organization.

If you’re developing apps that require compliance, you need exclusive control of your keys.

However, exclusive control of keys is especially hard in today’s cloud environment, where multi-tenancy and software solutions are espoused due to their simplicity and scalability. It’s important to recognize that multi-tenancy for cryptographic keys is a big no-no. Keys need single tenancy.


2. Protection

Protect Keys in Hardware-Based Cryptoprocessors

At the most basic level, master keys must be stored in dedicated hardware purpose-built to protect cryptographic keys: cryptoprocessors. There are two basic types of cryptoprocessors: Trusted Platform Module (TPM) and Hardware Security Module (HSM). A TPM is a chip soldered to a system’s motherboard to provide a tamper-proof environment for keys. TPMs are often certified to FIPS 140-2 Level 2. An HSM is a network-attached device or a PCI card with multiple levels of physical security. HSMs are often certified to FIPS 140-2 Level 3.

The importance of cryptoprocessors for developers is that key management can’t be done in software alone. Luckily, there are new crypto-based hardware solutions, such as Cloud HSMs, that allow developers to use cryptoprocessors. The beauty of the Encrypted Web is that it provides integration into a variety of TPM- and HSM-based systems.


3. Management

Key Management

There’s a whole lifecycle involved with cryptographic keys: generation, exchange, storage, use, destruction and replacement. There are a variety of APIs available to work with keys: Public Key Cryptography Standards #11 (PKCS#11), Microsoft’s Cryptography API: Next Generation (CNG) and the Java Cryptography Extension (JCE).

The beauty of the Encrypted Web is the years of work to provide integration with these standards, shielding developers from these complexities, and normalizing the process. Instead of months of effort to learn the esoteric process of managing keys, developers can work with their data and make calls to simple REST API endpoints.

4. Isolation

Cryptographic Domains

Cryptographic Domains allow developers to separate and manage the encryption policies of different apps. Each cryptographic domain is a logical collection of keys, policies, users and encrypted data, all protected under a unique Cryptographic Domain Key (CDK). The CDK is a generated 2048-bit RSA asymmetric key pair that’s protected by the cryptoprocessor and used to encrypt all symmetric keys. Every cryptographic domain is unique and is never shared with other cryptographic domains.

Every REST API requires the cryptographic domain as a parameter.


5. Access

Key Custodians

To protect against unauthorized access to cryptographic keys, a process is used to separate and distribute the secret used to enable cryptographic key management. Similar to the distribution of nuclear codes, key custodianship ensures that a cryptographic system can only be restarted by authorized personnel. Therefore, even if an entire system is stolen, the thieves will not be able to start the cryptographic processes required to access keys.


6. Availability

High Availability and Disaster Recovery for Key Management Systems

There’s a sophisticated process around clustering of cryptographic key management systems and cryptoprocessors. This process ensures high availability and disaster recovery while simultaneously maintaining security of all the keys.