Cryptography is often used in an information technology security environment to protect
data that is sensitive, has a high value, or is vulnerable to unauthorized disclosure or
undetected modification during transmission or while in storage. Cryptography relies
upon two basic components: an algorithm (or cryptographic methodology) and a
cryptographic key. The algorithm is a mathematical function, and the key is a parameter
used by that function.
The National Institute of Standards and Technology (NIST) has developed a wide variety
of Federal Information Processing Standards (FIPS) and NIST Special Publications (SPs)
to specify and approve cryptographic algorithms for Federal government use. In addition,
guidance has been provided on the management of the cryptographic keys to be used with
these approved cryptographic algorithms.
This Recommendation discusses the generation of the keys to be used with the approved
cryptographic algorithms. The keys are either generated using mathematical processing
on the output of approved Random Bit Generators and possibly other parameters, or
generated based upon keys that are generated in this fashion.
