Key storage methods
When considering different key storage methods, keep the following factors in mind:

- Storage location: do you store keys on or off the HSM?
- Format: in what format do you store encrypted keys?

The following sections explore these considerations.

Storing keys on or off the HSM

For general-purpose use cases, the primary method for storing keys is on the HSM. However, some HSM products deviate from this norm by storing keys off the HSM (for example, nShield's Security World). When keys are stored off the HSM, they are encrypted with a master key that is stored on the HSM.

Encrypted key format

Encrypted keys are generally in one of the following formats:

- Cryptogram
- TR-31 key block

Key block formats other than TR-31 exist, but they are more proprietary. The American National Standards Institute (ANSI) developed TR-31 key blocks, so this format has more widespread support.

What is a cryptogram?

A cryptogram is an encrypted blob of data. Aside from the encryption itself, no additional security mechanisms are built in. Instead of using a cryptogram, we recommend using TR-31 key blocks to manage keys. The advantages of using TR-31 key blocks are explained further in the following section.

What is a TR-31 key block?

The ANSI X9.24-1-2017 specification describes TR-31 key blocks. The key block structure consists of the following parts: header, encrypted key data, and MAC.

| Part | Description |
| --- | --- |
| Header | The header is the least sensitive part of the key block. It defines the key block type, key usage, and key type. |
| Encrypted key data | This part contains all the key-sensitive data, including the actual key values and their size. It can optionally contain the ciphering mode used and data padding options. |
| MAC | The message authentication code (MAC) is an integrity check of the header and key data and ensures that the key block is unmodified. |

Our HSMs use TR-31 key blocks for external key escrow and key transport. We recommend using TR-31 key blocks to manage keys instead of cryptograms because key blocks safeguard against unauthorized substitution, replacement, or misuse of cryptographic keys by embedding information about a key within the key block itself. Cryptograms do not provide this extra level of security.
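The following Go program is an added example, not code from this page or from the HSM vendor it describes. It builds the three parts listed in the table above (header, encrypted key data, MAC) for a TR-31 version D key block and then unwraps and verifies one, so the difference from a cryptogram is visible: a cryptogram would be only the hex ciphertext in the middle, while the key block's MAC is computed over the header and the plaintext key data together, so relabelling the key usage or exportability field invalidates the block. The function names (Wrap, Unwrap, deriveKey, cmac, dbl) and the all-zero demo KBPK are mine; the program assumes the version D (AES) construction as I read it from the public specification, that is, AES-CMAC-based derivation of an encryption key and a MAC key from a 32-byte key block protection key, CMAC over header plus plaintext key data, and AES-CBC with the MAC as IV, and it handles only an AES-256 KBPK and key blocks without optional blocks. It has not been checked against the specification's own key block test vectors, so use it to understand the structure, not as an interoperable implementation.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// dbl doubles a 128-bit block in GF(2^128); CMAC derives its subkeys this way.
func dbl(b []byte) []byte {
	hi, lo := binary.BigEndian.Uint64(b), binary.BigEndian.Uint64(b[8:])
	out := make([]byte, 16)
	binary.BigEndian.PutUint64(out, hi<<1|lo>>63)
	binary.BigEndian.PutUint64(out[8:], (lo<<1)^(0x87*(hi>>63)))
	return out
}

// cmac is AES-CMAC (RFC 4493) over a non-empty msg; version D uses it for key derivation and the block MAC.
func cmac(key, msg []byte) []byte {
	blk, _ := aes.NewCipher(key)
	k1 := make([]byte, 16)
	blk.Encrypt(k1, k1) // L = AES_K(0^128)
	k1, k2 := dbl(k1), dbl(dbl(k1))
	n := (len(msg) + 15) / 16
	last, rem, k := make([]byte, 16), msg[(n-1)*16:], k1
	if copy(last, rem) < 16 { // partial final block: 10* padding and subkey K2
		last[len(rem)], k = 0x80, k2
	}
	subtle.XORBytes(last, last, k)
	x := make([]byte, 16)
	for i := 0; i < n-1; i++ {
		subtle.XORBytes(x, x, msg[i*16:(i+1)*16])
		blk.Encrypt(x, x)
	}
	subtle.XORBytes(x, x, last)
	blk.Encrypt(x, x)
	return x
}

// deriveKey is the version D KDF: CMAC(KBPK, counter || usage || 0x00 || 0x0004 (AES-256) || 0x0100 (256 bits)).
func deriveKey(kbpk []byte, usage byte) []byte { // usage 0x00 = encryption key (KBEK), 0x01 = MAC key (KBMK)
	var out []byte
	for ctr := byte(1); len(out) < 32; ctr++ {
		out = append(out, cmac(kbpk, []byte{ctr, 0x00, usage, 0x00, 0x00, 0x04, 0x01, 0x00})...)
	}
	return out
}

// Wrap builds a version D key block: 16-char header, hex ciphertext, hex CMAC. usage is e.g. "D0"; alg/mode/export are 1-char header fields.
func Wrap(kbpk, key []byte, usage string, alg, mode, export byte) (string, error) {
	if len(kbpk) != 32 || len(usage) != 2 {
		return "", errors.New("need a 32-byte AES-256 KBPK and a 2-character key usage")
	}
	plain := make([]byte, 2+len(key)) // key length in bits, then the key, then padding
	binary.BigEndian.PutUint16(plain, uint16(len(key)*8))
	copy(plain[2:], key)
	plain = append(plain, make([]byte, (16-len(plain)%16)%16)...)
	rand.Read(plain[2+len(key):]) // random padding hides the key length
	hdr := fmt.Sprintf("D%04d%s%c%c00%c0000", 16+2*len(plain)+32, usage, alg, mode, export)
	mac := cmac(deriveKey(kbpk, 0x01), append([]byte(hdr), plain...)) // binds the header to the key
	blk, _ := aes.NewCipher(deriveKey(kbpk, 0x00))
	ct := make([]byte, len(plain))
	cipher.NewCBCEncrypter(blk, mac).CryptBlocks(ct, plain) // the MAC doubles as the CBC IV
	return fmt.Sprintf("%s%X%X", hdr, ct, mac), nil
}

// Unwrap checks the length field and the MAC before returning the key; any edit to the header or ciphertext fails.
func Unwrap(kbpk []byte, kb string) ([]byte, error) {
	if len(kbpk) != 32 || len(kb) < 80 || kb[0] != 'D' || kb[12:14] != "00" || kb[1:5] != fmt.Sprintf("%04d", len(kb)) {
		return nil, errors.New("need a 32-byte KBPK and an untruncated version D block without optional blocks")
	}
	body, err := hex.DecodeString(kb[16:]) // encrypted key data followed by the 16-byte MAC
	if err != nil || (len(body)-16)%16 != 0 {
		return nil, errors.New("malformed key data or MAC")
	}
	ct, mac := body[:len(body)-16], body[len(body)-16:]
	blk, _ := aes.NewCipher(deriveKey(kbpk, 0x00))
	plain := make([]byte, len(ct))
	cipher.NewCBCDecrypter(blk, mac).CryptBlocks(plain, ct)
	if subtle.ConstantTimeCompare(cmac(deriveKey(kbpk, 0x01), append([]byte(kb[:16]), plain...)), mac) != 1 {
		return nil, errors.New("MAC check failed: header or key data was modified")
	}
	if n := int(binary.BigEndian.Uint16(plain)) / 8; 2+n <= len(plain) {
		return plain[2 : 2+n], nil
	}
	return nil, errors.New("invalid key length field")
}

func main() {
	kbpk := make([]byte, 32) // constructed all-zero demo KBPK; a real one never leaves the HSM
	kb, _ := Wrap(kbpk, []byte("0123456789abcdef"), "D0", 'A', 'B', 'N')
	_, err := Unwrap(kbpk, kb[:11]+"E"+kb[12:]) // flip exportability 'N' -> 'E' in the header
	fmt.Println(kb, "\ntampered header:", err)
}
```

With the demo inputs, Wrap returns a 112-character block whose header reads D0112D0AB00N0000 (version D, length 112, usage D0, AES, encrypt-and-decrypt, key version 00, non-exportable, no optional blocks); changing the single exportability character makes Unwrap reject the block, which is exactly the substitution and misuse protection the page attributes to key blocks and that a bare cryptogram cannot offer.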