A key protocol or agreement mechanism is a key configuration technique in which a common secret is derived by two (or more) parties based on the information provided by or associated with each of those parties (ideally), so that neither party can predetermine the resulting value. In this process, key generation is done collaboratively, allowing both parties to have the key. Key matching occurs when the key generation needs to be such that at the end of the process, two specific entities know the key and are the only ones to know. A great example is the Diffie-Hellman protocol, where both parties use chance to create data elements, exchange some of these elements with each other, and perform calculations that result in the same result in the end, while leaving external observers completely surprised. The first publicly known public-key MOU[1] to meet the above criteria was the Diffie-Hellman key exchange, in which two parties jointly expose a generator with random numbers, so that a spy cannot determine what is the resulting value used to generate a shared key. en.wikipedia.org/wiki/Key-agreement_protocol Execution of a key agreement. Source(s): NIST SP 800-56B Rev. 2 NIST SP 800-56A Rev. 2 [Overrides] A key configuration event that causes secret key hardware to be exchanged between the parties using a key agreement scheme. Source(s): NIST SP 800-56B Rev. 1 The [superseded] Company and each of its subsidiaries are in substantial compliance with any of the major agreements, licenses and understanding, and to the best of the Company`s knowledge, all other parties to the Key Agreements must comply in all material respects and will have no provision of the Key Agreements. Many key exchange systems allow one party to generate the key and simply send that key to the other party – the other party has no influence on the key. Using a key matching protocol avoids some of the key distribution issues associated with such systems.
An example of a key memorandum of understanding is the Diffie Hellman key exchange. In DH, both parties influence the resulting key and not just one part. The key is agreed by all parties involved. The key installation can be roughly divided into key transport and key agreement. An example of a key transport protocol is one where a player generates a symmetric key and encrypts the key under the recipient`s public key using asymmetric cryptography. This is a key transport protocol (sometimes called a key encapsulation mechanism or KEM) and not a key agreement because the key depends on the input of only one party: the sender. The key is generated by one party and then transported to the other party. Password-authenticated key matching protocols require that you configure a password separately (which may be smaller than a key) in a way that is both private and secure.
These are designed to resist man-in-the-middle and other active attacks on the password and established keys. For example, DH-EKE, SPEKE, and SRP are password-authenticated variants of Diffie-Hellman. Could someone explain in simple terms what the difference is between key generation and key matching. In what situation would I use which one? The key creation process in which the resulting key material is based on the information provided by two or more participants, so that neither party can predetermine the value of the key material, regardless of the other party`s contribution. Source(s): NIST SP 800-57 Part 1 Rev. 4009-2015 3 NIST SP 800-57 Part 1 Rev. 3 [Replaced] under the Key Agreement A key discovery process in which the resulting key material is a function of the information provided by two or more participants, so that a company cannot predetermine the resulting value of the key material independently of another company`s contribution. Source(s): NIST SP 800-152 as part of the key agreement A key creation procedure (in pairs) in which the resulting secret key hardware is based on the information provided by both participants, so that neither party can predetermine the value of the secret key hardware independently of the other party`s contributions. The key agreement includes the creation (i.e. generation) of key material by the main participants in the agreement. A separate distribution of the generated overlay material is not performed.
Contrast with the transport of keys. Source(s): NIST SP 800-57 Part 2 Rev.1 under Key Agreement A key configuration procedure (in pairs) in which the resulting secret key hardware is a function of the information provided by two participants, so that neither party can predetermine the value of the secret key hardware independently of the other party`s contributions. Contrast with the transport of keys. Source(s): NIST SP 800-56B Rev. . . .
