Key management for cryptographic uses


The key management framework manages secret keys, or key pairs, used by applications for performing cryptographic operations on data. Keys are managed in keystores.

Key configuration object types...

key set Instances of keys of the same type.
key set group One or more key sets.

If an application needs both a secret key and key pair for cryptographic operations, we can configure two key sets, one for the key pair and one for the secret key that the key set group manages.

The key set group controls the auto-generation characteristics of the keys, including the schedule. The framework can automatically generate keys on a scheduled basis, such as on a particular day of the week and time of day, so that key generation is done during off-peak hours.

Key set 1 generates key pairs. Key set 2 generates secret keys. The application needs both types of keys for its cryptographic operations, signing and encryption, on data. The keys for each key set need to be generated in tandem. The application stores the key set group name with the encrypted data. The key set group generates a new set of keys every Sunday night at 11 P.M.. The application maintains key generation data for two weeks.



Create a key set configuration
Set a hardware cryptographic keystore
Create a key set group configuration
Develop a key or key pair generation class for automated key generation
Key set collection