White Paper

Unlocking the True Value of Encryption and Key Management Modes for Military Data Storage Applications

Issue link: https://read.uberflip.com/i/1173416

Page 2 of 7

Types of Text

Data encryption is comprised of two forms of text:

1. Plain text data refers to information in its normal, legible form, either before encryption or after decryption. Plain text is the input to an encryption algorithm.

2. Cipher text data is the encoded or encrypted information that is illegible until decrypted into plain text data. Cipher text is the output from an encryption algorithm.

Encryption Keys

An encryption key, or data encryption key (DEK), is a random string of bits generated by an algorithm that is used to encrypt and decrypt data, converting either plain text into cipher text or cipher text into plain text. To further this concept, encryption keys are classified as either:

1. A red key is a plain text key.

2. A black key is an encrypted key.

A key encryption key (KEK) is a key designed to encrypt a red key into a black key or decrypt a black key into a red key. The specific use case of a KEK will be explored later in this white paper. The critical point for the purposes of this introductory discussion is to remember that a black key is used for missions and programs requiring the highest levels of security.

[Figure: the Crypto Officer creates two random 256-bit numbers; the Key Encryption Key converts the Red Key into a Black Key using AES Key Wrap.]

Encryption Key Creation

There are two methods to generate an encryption key.

A self-generated key is created by the random key generator logic located in the SSD device. Self-generated keys are never known to users and therefore cannot be refilled after the key is purged. Performing the important step of key generation on a certified SSD device removes complexity and encryption infrastructure from the end user. The drawback of a self-generated key is the inability to refill a key after it is purged, leaving data permanently encrypted to friends and foes alike. When an encryption algorithm achieves FIPS certification, the random key generator within the encryption engine produces a key that is just that -- random. This eliminates the risk that a pattern in the key could be determined, resulting in adversarial discovery of the key's complete identity.

A user-generated key is created through a user-defined random key generator independent of the SSD device. This key is known to the user -- usually the Crypto Officer (CO) -- and can be stored and refilled into the device after a key purge has occurred. User-generated keys are inherently more complex to implement, since the end user assumes 100% ownership of random key generation and secure key storage. These tradeoffs are necessary when data needs to be accessible after a key purge. A user-generated key is the preferred method when the end user has FIPS-certified algorithms. It is important to note that this choice also demands the proper key management infrastructure and system security for key maintenance.

Permanence of Encryption Keys

Based on the user's security requirements for a specific mission, an encryption key can be entered into the device as either a permanent or a session key.

1. A permanent key remains on the device through power cycles. It can be purged through user-defined commands.

2. A session key is automatically purged when power is removed from the device. To enable normal read and write operations, the session key must be input every time the device is powered on.

Clarifying Encryption Key vs ATA Password

The role of an encryption key is commonly confused with the role of an ATA password. The one and only purpose of an encryption key is to convert data to cipher text so it is illegible to anyone accessing the data without proper authorization. The purpose of an ATA password is two-fold: (1) authenticate that the user is authorized to access the data, and (2) re-create the KEK required to decrypt the encrypted permanent key.

Encryption keys using AES-256 bit encryption are 256 characters in length. In contrast, the length of the ATA password varies based on the BIOS programming; it is typically 32 characters. However, some SSD devices, such as Mercury's ASURRE-Stor® and TRRUST-Stor® secure SSD devices, accept ATA passwords of up to 64 characters for enhanced security. It is important to select a host system with a BIOS that supports long ATA password lengths for maximum security.
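The red-key-to-black-key step the paper illustrates (a KEK applied with AES Key Wrap), as an added example that is not from the white paper or from Mercury's products: it implements RFC 3394 wrap and unwrap over the Go standard library, and the unwrap side fails closed on a wrong KEK or a tampered black key rather than returning a garbage red key. The 256-bit KEK and red key are constructed test values, and how a device derives the KEK from the ATA password is outside this example.

```go
package main

import ("bytes"; "crypto/aes"; "encoding/binary"; "errors")

var kwIV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6} // RFC 3394 initial value; UnwrapKey checks it

// WrapKey turns a red (plaintext) key into a black (encrypted) key under kek, per AES Key Wrap (RFC 3394).
func WrapKey(kek, red []byte) ([]byte, error) {
	block, err := aes.NewCipher(kek) // kek of 16, 24 or 32 bytes; 32 bytes selects AES-256
	if err != nil || len(red) < 16 || len(red)%8 != 0 {
		return nil, errors.New("bad KEK length, or red key not a multiple of 8 bytes (>= 16)")
	}
	n, out := len(red)/8, append(append([]byte(nil), kwIV...), red...) // out = A | R[1..n]
	buf := make([]byte, 16)
	for j := 0; j <= 5; j++ {
		for i := 1; i <= n; i++ {
			copy(buf[:8], out[:8])          // A
			copy(buf[8:], out[i*8:(i+1)*8]) // R[i]
			block.Encrypt(buf, buf)         // B = AES(KEK, A | R[i])
			binary.BigEndian.PutUint64(out[:8], binary.BigEndian.Uint64(buf[:8])^uint64(n*j+i)) // A = MSB64(B) xor t
			copy(out[i*8:(i+1)*8], buf[8:]) // R[i] = LSB64(B)
		}
	}
	return out, nil // black key is 8 bytes longer than the red key (the integrity register A)
}

// UnwrapKey reverses WrapKey and rejects the result when the integrity register does not match kwIV.
func UnwrapKey(kek, black []byte) ([]byte, error) {
	block, err := aes.NewCipher(kek)
	if err != nil || len(black) < 24 || len(black)%8 != 0 {
		return nil, errors.New("bad KEK length, or black key not a multiple of 8 bytes (>= 24)")
	}
	n, out := len(black)/8-1, append([]byte(nil), black...)
	buf := make([]byte, 16)
	for j := 5; j >= 0; j-- {
		for i := n; i >= 1; i-- {
			binary.BigEndian.PutUint64(buf[:8], binary.BigEndian.Uint64(out[:8])^uint64(n*j+i)) // A xor t
			copy(buf[8:], out[i*8:(i+1)*8])
			block.Decrypt(buf, buf)         // B = AES^-1(KEK, (A xor t) | R[i])
			copy(out[:8], buf[:8])          // A = MSB64(B)
			copy(out[i*8:(i+1)*8], buf[8:]) // R[i] = LSB64(B)
		}
	}
	if !bytes.Equal(out[:8], kwIV) {
		return nil, errors.New("integrity check failed: wrong KEK or corrupted black key")
	}
	return out[8:], nil // the recovered red key
}
```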
