This part of ISO/IEC 11770 defines key management mechanisms based on asymmetric cryptographic tech-niques. It specifically addresses the use of asymmetric techniques to achieve the following goals:
1. Establish a shared secret key for a symmetric cryptographic technique between two entities A and B by key agreement. In a secret key agreement mechanism the secret key is the re-sult of a data exchange between the two enti-ties A and B. Neither of them can prede-termine the value of the shared secret key.
2. Establish a shared secret key for a symmetric cryptographic technique between two entities A and B by key transport. In a secret key transport mechanism the secret key is chosen by one entity A and is transferred to another entity B, suitably protected by asymmetric techniques.
3. Make an entity's public key available to other entities by key transport. In a public key transport mechanism, the public key of an en-tity A must be transferred to other entities in an authenticated way, but not requiring se-crecy.
Some of the mechanisms of this part of ISO/IEC 11770 are based on the corresponding authentication mecha-nisms in ISO/IEC 9798-3.
This part of ISO/IEC 11770 does not cover aspects of key management such as
-key lifecycle management,
-mechanisms to generate or validate asymmet-ric key pairs,
-mechanisms to store, archive, delete, destroy, etc. keys.
While this part of ISO/IEC 11770 does not explicitly cover the distribution of an entity's private key (of an asymmetric key pair) from a trusted third party to a requesting entity, the key transport mechanisms de-scribed can be used to achieve this.
This part of ISO/IEC 11770 does not cover the imple-mentations of the transformations used in the key man-agement mechanisms.
NOTE - To achieve authenticity of key manage-ment messages it is possible to make provisions for authenticity within the key establishment protocol or to use a public key signature system to sign the key exchange messages.
ISO/IEC 11770-3:1999 history
2021ISO/IEC 11770-3:2021 Information security - Key management - Part 3: Mechanisms using asymmetric techniques
2017ISO/IEC 11770-3:2015/Amd 1:2017 Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques — Amendment 1: Blinded Diffie-Hellman key agreement
2016ISO/IEC 11770-3:2015/Cor 1:2016 Information technology - Security techniques - Key management - Part 3: Mechanisms using asymmetric techniques; Technical Corrigendum 1
2015ISO/IEC 11770-3:2015 Information technology - Security techniques - Key management - Part 3: Mechanisms using asymmetric techniques
2009ISO/IEC 11770-3:2008/Cor 1:2009 Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques — Technical Corrigendum 1
2008ISO/IEC 11770-3:2008 Information technology - Security techniques - Key management - Part 3: Mechanisms using asymmetric techniques
1999ISO/IEC 11770-3:1999 Information technology - Security techniques - Key management - Part 3: Mechanisms using asymmetric techniques