KEK (Key Encryption Key) what is it and how to use it correctly

5

I was reading "Cryptography and Security: The official guide to RSA" but I was limited to a few pages (if anyone has the PDF of this please share !!) and then I came across KEK and could not read more ..

What is it and how do you use it correctly?

With everything I've read is just a key that ensures the security of the original key, however I also read that passwords (user passwords) is not very safe to use because it is easier to break and get the original key. in the part that he explained this I could not read more (I was reading in google books preview)

    
asked by anonymous 06.05.2015 / 00:50

1 answer

5

Key encryption key (KEK)

It is used by the application to protect (encrypt / decrypt) other (e.g. TEK, TSK) keys.

An example of usage

If you have used the TEK and TSK keys to protect something, such as a session key, they should not be stored light but encrypted with a KEK. Also, KEK should not be stored in the same location as the encryption keys you are encrypting.

In the image below a session key protects the data, and a key encryption key (KEK) protects the session key

Here has an entire chapter of a book talking about it. It's very cool and easy to understand:)

Code example:

Código rodando no servidor 1:
public string Data(){
    AES objeto = new AES();
    objeto.key= getkey(EncryptedDEK);
    //descriptografa os valores
}

public string getkey(string EncryptedDEK){
  // conecta ao servidor 2 e obtem o DEK
  request(EncryptedDEK); 
}

Código rodando no servidor 2
public string request(string encryptedDEK){
    //verificamos a requisição
    //descriptografamos a DEK que foi criptografada com KEK
   // e então retornamos o DEK descriptografado
}
    
06.05.2015 / 01:10