The management of keys in such a way as to retain the security
properties those keys are intended to assure. Examples include physical key
audits, anti-duplication measures, and periodic rekeying, public-key
automated key generation and distribution systems, and analysis of physical
traits on keys for integrity verification.
Complexity: Key management is one of the least understood and hardest
problem areas in cryptography today, and has been the cause of many
cryptosystem failures - perhaps the most widely publicized being the
inadequate key management by Germany during World War II that led to rapid
decoding of Enigma ciphers. Physical key management is equally daunting and
has led to many lock and key design schemes. To date, as far as can be
determined from the available literature, no foolproof key management scheme
has been devised.
fc@red.a.net