APIs by Example: Cryptographic Services APIs, Part 7

This is the final installment of the Cryptographic Services APIs article series. Today, I add the Change Master Key (CHGMSTK) command to the set of cryptographic key management commands and functions that I have presented so far. Changing a master key (or any other cryptographic key) is necessary in the event that the key has been compromised, or as part of a key expiration scheme.

The latter is calculated primarily based on the correlation between the key length in bits and the processor power required to run a successful brute-force attack against the key. One way to protect the key is to change a cryptographic key before it is practically possible to break it. This is only one strategy, however, and it should be combined with other defense lines to ensure an overall sufficient level of security in all cryptographic applications and setups.

Download the save file containing the source code.

Read the entire article

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s