KEK (Key Encryption Key) what it is and how to use it correctly


Viewed 830 times

5

I was reading "Cryptography and Security: The official RSA guide" but I was limited to a few pages (if anyone has the PDF please share!!) and then I came across KEK and could not read more..

What is it and how do I use it properly?

From everything I read, it is just a key that ensures the security of the original key; however, I also read that passwords (user passwords) are not something very safe to use, as it is easier to break them and get the original key. That was in the part he explained where I could not read more (I was reading in the Google Books preview).

1 answer

5


Key Encryption Key (KEK)

It is used by the application to protect (encrypt/decrypt) other keys (e.g. TEK, TSK).

An example of use

If you have already used TEK and TSK keys to protect something, such as a session key, they should not be stored in clear, but encrypted with a KEK. Also, KEK should not be stored in the same location as the encryption keys it is encrypting.

In the image below, a session key protects the data, and a key encryption key (KEK) protects the session key.

[image: enter image description here]

Here is a whole chapter of a book talking about it. It’s really cool and easy to understand :)

Code example:

Code running on server 1:
public string Data(){
    AES objeto = new AES();
    objeto.key = getkey(EncryptedDEK);
    // decrypt the values
}

public string getkey(string EncryptedDEK){
    // connect to server 2 and obtain the DEK
    return request(EncryptedDEK);
}

Code running on server 2:
public string request(string encryptedDEK){
    // verify the request
    // decrypt the DEK that was encrypted with the KEK
    // and then return the decrypted DEK
}
  • Explained, but the points were not covered in depth. I will wait for more answers, thanks!!

  • 2

    That’s as much as I could make out. I hope you have more answers too.

  • 1

    Basically it’s used for this, I think if you want to go deeper into the subject you’ll have to read some scientific article or something like that :)

  • 1

    KEK should not be stored at all. The only thing stored is the generated salt.
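
The KEK/DEK split from the answer, combined with the last comment's point that only the salt is stored, as an added C# example that is not part of the original answer or comments. The names `KekDemo`, `Seal` and `Open`, the sample password and record, and the PBKDF2 iteration count are assumptions made for illustration; the code targets .NET 8.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class KekDemo   // hypothetical class name, not from the page
{
    const int Iterations = 600_000;   // assumed PBKDF2 work factor; tune for your hardware

    // Derive the KEK on demand; only the salt is persisted, never the KEK itself.
    static byte[] DeriveKek(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, 32);

    // AES-256-GCM; output layout is nonce(12) || tag(16) || ciphertext.
    static byte[] Seal(byte[] key, byte[] plaintext)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(12);
        byte[] tag = new byte[16], ct = new byte[plaintext.Length];
        using var aes = new AesGcm(key, 16);
        aes.Encrypt(nonce, plaintext, ct, tag);
        return nonce.Concat(tag).Concat(ct).ToArray();
    }

    // Throws CryptographicException if the key is wrong or the blob was modified.
    static byte[] Open(byte[] key, byte[] blob)
    {
        byte[] pt = new byte[blob.Length - 28];
        using var aes = new AesGcm(key, 16);
        aes.Decrypt(blob.AsSpan(0, 12), blob.AsSpan(28), blob.AsSpan(12, 16), pt);
        return pt;
    }

    static void Main()
    {
        // Constructed sample values, not from the original page.
        string password = "correct horse battery staple";
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        byte[] dek = RandomNumberGenerator.GetBytes(32);   // random data key, never password-derived
        byte[] record = Seal(dek, Encoding.UTF8.GetBytes("constructed sample record"));
        byte[] kek = DeriveKek(password, salt);
        byte[] wrappedDek = Seal(kek, dek);                 // persisted: salt, wrappedDek, record
        CryptographicOperations.ZeroMemory(kek);            // plaintext keys are wiped, not stored
        CryptographicOperations.ZeroMemory(dek);

        byte[] dek2 = Open(DeriveKek(password, salt), wrappedDek);
        Console.WriteLine(Encoding.UTF8.GetString(Open(dek2, record)));
        try { Open(DeriveKek("wrong guess", salt), wrappedDek); }
        catch (CryptographicException) { Console.WriteLine("wrong password: DEK not released"); }
    }
}
```

Because the data is encrypted under the random DEK, changing the password only means re-wrapping the DEK under a newly derived KEK; the strength of the whole scheme is still bounded by the password, which is why the key-derivation work factor matters.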
