We now begin our discussion of the various phases in the key lifecycle, starting with key generation, which is the creation of cryptographic keys. This is a critical phase of the key lifecycle. As we indicated earlier, many cryptosystems have been found to have weaknesses because they don’t generate their keys in a sufficiently secure manner.

Direct key generation

Symmetric keys are just randomly generated numbers (normally bit strings). The most obvious method for generating a cryptographic key is therefore to randomly generate a number, or more commonly a pseudorandom number. Random number generation techniques, among others, are appropriate for key generation, and the choice of technique will depend on the application. The strength of the technique used should be matched to the importance of the cryptographic key being generated. For example, using a hardware-based non-deterministic generator might be appropriate for a master key. In contrast, a software-based non-deterministic generator based on mouse movements might suffice for generating a local key to be used to store personal files on a home PC.
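The following is an added example, not part of the original text, that contrasts direct key generation from the operating system's CSPRNG with a key of the same length drawn from a general-purpose PRNG seeded by a guessable value. The time-based seed, the one-hour window, the 128-bit key size and all function names are assumptions made for the illustration.

```python
import math
import random
import secrets

KEY_BYTES = 16  # 128-bit symmetric key (size assumed for this example)


def generate_key(nbytes: int = KEY_BYTES) -> bytes:
    """Direct key generation: draw the bit string from the OS CSPRNG."""
    return secrets.token_bytes(nbytes)


def weak_generate_key(seed: int, nbytes: int = KEY_BYTES) -> bytes:
    """Anti-pattern: key taken from a general-purpose PRNG (Mersenne Twister)
    whose only secret input is a seed the generator's user could guess."""
    rng = random.Random(seed)
    return rng.getrandbits(nbytes * 8).to_bytes(nbytes, "big")


def reproducible_from_seeds(key: bytes, seeds) -> bool:
    """Audit check: True if `key` can be regenerated from a candidate seed,
    meaning its real key space is the seed space, not 2**(8 * len(key))."""
    return any(weak_generate_key(s, len(key)) == key for s in seeds)


def effective_bits(seed_count: int) -> float:
    """Upper bound on key entropy when the seed is the only unknown."""
    return math.log2(seed_count)


if __name__ == "__main__":
    # Constructed scenario: a key generated at an unknown second within
    # a known one-hour window of Unix timestamps.
    window = range(1_700_000_000, 1_700_003_600)
    weak = weak_generate_key(1_700_000_123)
    strong = generate_key()

    print("weak key reproducible:  ", reproducible_from_seeds(weak, window))
    print("strong key reproducible:", reproducible_from_seeds(strong, window))
    print("nominal bits:", KEY_BYTES * 8,
          "effective bits (weak):", round(effective_bits(len(window)), 1))
```

Both keys are 128-bit strings and look equally random, but the weak one carries under 12 bits of uncertainty because only the seed is unknown.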
