With the primitives and computations selected, key establishment can begin once the system parameters are generated and the public-keys distributed throughout the system.
Key establishment is the process by which two (or more) entities establish a shared secret key. Essentially, two methods are used to establish cryptographic keying material between parties: key agreement and key transport.
With a key agreement scheme, all parties contribute to the derived keying material with information that allows each party to derive the shared keying material. In a key transport scheme, one party determines the keying material that is wrapped (i.e. encrypted) and transported to the intended receivers.
With key transport schemes, the sender determines the key to be transported, wraps (i.e. encrypts) the key and sends the wrapped key to the receiver, who then unwraps (i.e., decrypts) the key. If the scheme is a symmetric key only system, the sender and receiver have manually established a symmetric key to be used as the key-wrapping key between the two parties. The keying material is wrapped using a NIST-approved key-wrapping algorithm (such as the AES key wrap algorithm).
Public-key based key agreement schemes can be transformed into a key transport scheme using an approved key-wrapping scheme, as recommended in NIST SP 800-56. An example is S/MIME, where key agreement is combined with key wrapping to achieve the effect of key transport. This is useful because it allows the efficient encryption of large emails to multiple recipients. The efficiency is that the email content is encrypted just once, with the content encryption key encrypted (wrapped) multiple times, once for each recipient.
There are three major categories of key agreement schemes defined in the standards with two of these categories having multiple cases:
With all these options available for key establishment, the question becomes which scheme to use and when? In general, you need to determine which attributes are important for the level of security.
This issue of Code and Cipher focusses on the subject of key establishment in current security standards and highlights the importance of this often overlooked but central area of concern.