The purpose of key management is to provide procedures for handling cryptographic keying material to be
used in symmetric or asymmetric cryptographic algorithms according to the security policy in force. This part
of ISO/IEC 11770 defines key establishment mechanisms using symmetric cryptographic techniques.
Key establishment mechanisms using symmetric cryptographic techniques can be derived from the entity
authentication mechanisms of ISO/IEC 9798-2 and ISO/IEC 9798-4 by specifying the use of text fields
available in those mechanisms. Other key establishment mechanisms exist for specific environments; see, for
example, ISO 8732. Besides key establishment, the goals of such a mechanism might include unilateral or
mutual authentication of the communicating entities. Further goals might be the verification of the integrity of
the established key, or key confirmation.
This part of ISO/IEC 11770 addresses three environments for the establishment of keys: Point-to-Point, Key
Distribution Centre (KDC), and Key Translation Centre (KTC). This part of ISO/IEC 11770 describes the
required content of messages which carry keying material or are necessary to set up the conditions under
which the keying material can be established. It does not indicate other information which can be contained in
the messages or specify other messages such as error messages. The explicit format of messages is not
within the scope of this part of ISO/IEC 11770.
This part of ISO/IEC 11770 does not specify the means to be used to establish initial secret keys; that is, all
the mechanisms specified in this part of ISO/IEC 11770 require an entity to share a secret key with at least
one other entity (e.g. a TTP). For general guidance on the key lifecycle see ISO/IEC 11770-1. This part of
ISO/IEC 11770 does not explicitly address the issue of interdomain key management. This part of
ISO/IEC 11770 also does not define the implementation of key management mechanisms; products
complying with this part of ISO/IEC 11770 might not be compatible.
ISO/IEC 11770-2:2008 Referenced Document
ISO/IEC 11770-1 Information technology - Security techniques - Key management - Part 1: Framework*, 2010-12-01 Update
ISO/IEC 11770-2:2008 history
2018ISO/IEC 11770-2:2018 IT Security techniques — Key management — Part 2: Mechanisms using symmetric techniques
2009ISO/IEC 11770-2:2008/Cor 1:2009 Information technology - Security techniques - Key management - Part 2: Mechanisms using symmetric techniques; Technical Corrigendum 1
2008ISO/IEC 11770-2:2008 Information technology - Security techniques - Key management - Part 2: Mechanisms using symmetric techniques
2005ISO/IEC 11770-2:1996/Cor 1:2005 Information technology - Security techniques - Key management - Part 2: Mechanisms using symmetric techniques; Technical Corrigendum 1
1996ISO/IEC 11770-2:1996 Information technology - Security techniques - Key management - Part 2: Mechanisms using symmetric techniques