Claims
- 1. A method of managing encryption keys in a cryptographic co-processor, which comprises the steps of: selecting a key type from one of a symmetrical key type and an asymmetrical key type, wherein a user selects the key type; selecting a bit length; generating a key, the generated key having the selected key type and the selected bit length, the step of generating a key being performed in at least one way selected from a group of ways consisting of: 1) sampling an output of a random number generator to assemble a desired length data encryption key (DEK); 2) sampling an output of a random number generator to assemble a desired length key encryption key (KEK); 3) performing a Diffie-Hellman g^(xy) exponentiation in order to arrive at a shared secret value; 4) deriving a symmetrical secret key by hashing an application supplied password or passphrase; 5) transforming a key using at least one of hashing, mixing with fixed data and rehashing, and exclusive oring (XORing); and 6) importing an unencrypted (RED) key provided by the application; and representing the generated key in one of an external form and an internal form, the method of managing encryption keys supporting an internally generated storage variable, a local storage variable and a user application generated KEK.
CROSS-REFERENCE TO RELATED APPLICATION
This application is based on Provisional Patent Application Serial Nos. 60/059,082 and 60/059,839, each of which was filed on Sep. 16, 1997, and relates to U.S. patent application entitled “Cryptographic Co-Processor” filed concurrently herewith, the disclosures of which are incorporated herein by reference.
Provisional Applications (2)
| Number | Date | Country |
| --- | --- | --- |
| 60/059082 | Sep 1997 | US |
| 60/059839 | Sep 1997 | US |