http://www.cs.utexas.edu/~byoung/cs361c/slides3-cryptography.pdf
http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7956.pdf
http://en.wikipedia.org/wiki/Key_management
Typical Services Provided by Key Management Systems
Key management is the administration of tasks involved in all aspects of cryptographic key usage in a cryptosystem. This includes dealing with the generation, distribution, exchange, storage, use, and replacement of keys. All aspects of security should be covered for the life-cycle of a key, from key generation to replacement, storage, or disposal. Each key must also be protected during its life-time to prevent unauthorized disclosure, modification, substitution, replay, and improper use. Likewise, the functions used in key management must be prevented from such unauthorized use.
Each Management Solution is Unique
There is no universal solution for key management that will work for all businesses and other types of institutions, companies, etc. Each system may have its own criteria for information security, including type of network topology, cryptographic services, and algorithms. Government and company rules and regulations also need to be taken into account. This requires tight coordination between encryption enabled storage devices and key management, in order for security policies to be effectively enforced.
Phases of Design
There are many phases involved when designing and implementing a key management system. They could include cryptographic algorithm design (including modes of operation), protocol design, interaction with key servers, user procedures, implementation procedures, verification procedures, etc. Each of these phases should be thoroughly scrutinized and evaluated to ensure that the cryptographic mechanisms provide the desired security level.
Difficulties to Overcome
The security of any cryptographic system is mostly dependent on the level of security provided by the keys themselves. Therefore, successful key management is critical to the security of the system. In practice, management of the keys is the most difficult aspect of cryptography, because it involves system policy, user training, organizational and departmental interactions, and coordination between all of these elements. The basic encryption and storage of keys is not hard, but getting the right keys to the authorized users and managing the lifecycle of the keys is the challenging part. The sheer volume of data transactions and distributions within storage media within large companies make key management a formidable task, because of the millions of keys that need to be generated, handled, protected, stored, replaced, and disposed of when needed. The fact the some companies use different encryption tools (possibly incompatible), make the management tasks even more formidable. Key management becomes even more difficult in a cloud environment, where many other types of transactions can occur, and a third party is sometimes involved.
Main Issues in Implementation
The main issues that must be faced when implementing a key management system are: