Key storage methods
When considering different key storage methods, keep the following factors in mind:

- Storage location: do you store keys on or off the HSM?
- Format: in what format do you store encrypted keys?

The following sections explore these considerations.

Storing keys on or off the HSM

For general-purpose use cases, you primarily store keys on the HSM. However, some HSM products deviate from this norm by storing keys off the HSM (for example, nShield's Security World). In this case, you encrypt those off-HSM keys with a master key that you store on the HSM.

Encrypted key format

Encrypted keys are generally in one of the following formats:

- Cryptogram
- TR-31 key block

Key block formats other than TR-31 exist, but they are more proprietary. Because the American National Standards Institute (ANSI) developed TR-31 key blocks, this format has more widespread support.

What is a cryptogram?

A cryptogram is an encrypted blob of data. Aside from the encryption itself, no additional security mechanisms are baked in. Instead of using a cryptogram, we recommend using TR-31 key blocks to manage keys. The advantages of using TR-31 key blocks are explained further in the following section.

What is a TR-31 key block?

The ANSI X9.24-1-2017 specification describes TR-31 key blocks. The key block structure consists of the following parts:

Part                Description
Header              The header is the least sensitive part of the key block. It defines the key block type, key usage, and key type.
Encrypted key data  This part contains all the key-sensitive data, including the actual key values and their size. It can optionally contain the ciphering mode used and data padding options.
MAC                 The message authentication code (MAC), an integrity check of the header and key data, ensures that the key block is unmodified.

Our HSMs use TR-31 key blocks for external key escrow and key transport. We recommend using TR-31 key blocks to manage keys instead of cryptograms because they safeguard against unauthorized substitution, replacement, or misuse of cryptographic keys by embedding information about a key within the key block itself. Cryptograms do not provide this extra level of security.
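As an added example (not part of this page or of any HSM vendor's tooling), the following Python parser splits a TR-31 key block into the three parts described above and reads the header fields that bind usage, algorithm, mode and exportability to the wrapped key. It assumes the ANSI TR-31 ASCII layout (16-character header, optional blocks with a two-character ID and two-character hex length, and a MAC whose size depends on the version ID); the sample block is constructed with dummy key data and a dummy MAC, not a real wrapped key, and unwrapping or MAC verification is left to the HSM that holds the key block protection key.

```python
from dataclasses import dataclass, field

MAC_HEX_LEN = {"A": 8, "B": 16, "C": 8, "D": 32}   # MAC size per version ID, in hex characters
KEY_USAGE = {"B0": "BDK", "D0": "data encryption", "K0": "key encryption or wrapping",
             "M0": "ISO 16609 MAC", "P0": "PIN encryption"}   # subset of the TR-31 usage codes
ALGORITHM = {"A": "AES", "D": "DEA", "R": "RSA", "T": "TDEA"}
MODE_OF_USE = {"B": "encrypt and decrypt", "D": "decrypt only", "E": "encrypt only",
               "N": "no restriction", "V": "verify only", "X": "derive keys"}
EXPORTABILITY = {"E": "exportable under a trusted key", "N": "non-exportable", "S": "sensitive"}

@dataclass
class KeyBlock:
    version: str
    key_usage: str
    algorithm: str
    mode_of_use: str
    key_version: str
    exportability: str
    optional_blocks: dict = field(default_factory=dict)
    encrypted_key_data: str = ""   # hex, still encrypted under the key block protection key
    mac: str = ""                  # hex, covers the header and the encrypted key data

    def describe(self) -> str:
        """Human-readable view of the binding information a plain cryptogram lacks."""
        return (f"{KEY_USAGE.get(self.key_usage, self.key_usage)} key, "
                f"{ALGORITHM.get(self.algorithm, self.algorithm)}, "
                f"{MODE_OF_USE.get(self.mode_of_use, self.mode_of_use)}, "
                f"{EXPORTABILITY.get(self.exportability, self.exportability)}")

def parse_tr31(block: str) -> KeyBlock:
    """Split a key block into header fields, optional blocks, encrypted key data and MAC."""
    if len(block) < 16 or block[0] not in MAC_HEX_LEN:
        raise ValueError("missing 16-character header or unsupported version ID")
    if int(block[1:5]) != len(block):   # bytes 1-4 hold the total length as four decimal digits
        raise ValueError(f"header declares {block[1:5]} characters, got {len(block)}")
    kb = KeyBlock(block[0], block[5:7], block[7], block[8], block[9:11], block[11])
    pos = 16
    for _ in range(int(block[12:14])):  # optional block: 2-char ID, 2-char hex length (incl. both)
        opt_len = int(block[pos + 2:pos + 4], 16)
        if opt_len < 4:                  # "00" signals the extended-length form, not handled here
            raise ValueError("unsupported optional block length encoding")
        kb.optional_blocks[block[pos:pos + 2]] = block[pos + 4:pos + opt_len]
        pos += opt_len
    mac_len = MAC_HEX_LEN[kb.version]
    if pos + mac_len > len(block):
        raise ValueError("key block too short to hold encrypted key data and MAC")
    kb.encrypted_key_data, kb.mac = block[pos:-mac_len], block[-mac_len:]
    return kb

# Constructed sample, not a real wrapped key: version D header for an AES data-encryption key,
# 32 bytes of dummy encrypted key data and a dummy 16-byte MAC (16 + 64 + 32 = 112 characters).
SAMPLE = "D0112D0AB00N0000" + "11" * 32 + "22" * 16
```

Any change to the header fields or declared length makes the parse fail or, on a real HSM, the MAC check fail, which is the substitution protection the page describes.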