scope:

NEN-ISO/IEC 11770-3 defines key management mechanisms based on asymmetric cryptographic techniques. It specifically addresses the use of asymmetric techniques to achieve the following goals. a) Establish a shared secret key for use in a symmetric cryptographic technique between two entities A and B by key agreement. In a secret key agreement mechanism, the secret key is computed as the result of a data exchange between the two entities A and B. Neither of them should be able to predetermine the value of the shared secret key. b) Establish a shared secret key for use in a symmetric cryptographic technique between two entities A and B via key transport. In a secret key transport mechanism, the secret key is chosen by one entity A and is transferred to another entity B, suitably protected by asymmetric techniques. c) Make an entity's public key available to other entities via key transport. In a public key transport mechanism, the public key of entity A shall be transferred to other entities in an authenticated way, but not requiring secrecy. Some of the mechanisms of this part of ISO/IEC 11770 are based on the corresponding authentication mechanisms in ISO/IEC 9798-3. This part of ISO/IEC 11770 does not cover certain aspects of key management, such as - key lifecycle management, - mechanisms to generate or validate asymmetric key pairs, and - mechanisms to store, archive, delete, destroy, etc. keys. While this part of ISO/IEC 11770 does not explicitly cover the distribution of an entity's private key (of an asymmetric key pair) from a trusted third party to a requesting entity, the key transport mechanisms described can be used to achieve this. A private key can in all cases be distributed with these mechanisms where an existing, non-compromised key already exists. However, in practice the distribution of private keys is usually a manual process that relies on technological means such as smart cards, etc. This part of ISO/IEC 11770 does not specify the transformations used in the key management mechanisms.