Give users access to the answers they need, faster and easier, with multi-repository AI-based search that lets you contextualize everything from clicks to conversations

Products

Overview Business Network

Connect once, reach anything with a secure B2B integration platform

Industry Applications and Services

OpenText™ Business Network Aviator(AI)

Revolutionize connectivity across the internet of clouds

Products

Overview Content

Reimagine knowledge with AI-ready content management solutions

Capture and Intelligent Document Processing

OpenText™ Content Aviator(AI)

Supercharge intelligent workspaces with AI to modernize work

Products

Overview Cybersecurity

Integrated cybersecurity solutions for enterprise protection

Identity and Access Management

Digital Forensics and Incident Response

OpenText Cybersecurity for SMBs & MSPs

Purpose built data protection and security solutions

OpenText™ Cybersecurity Aviator(AI)

Reinvent threat hunting to improve security posture with the power of agile AI

Products

Overview DevOps

Ship better software—faster—with AI-driven DevOps automation, testing, and quality

DevOps Platform

OpenText™ Core Software Delivery Platform

PPM and Strategic Portfolio Management

OpenText™ Project and Portfolio Management

OpenText™ DevOps Aviator(AI)

Elevate millions of developers with AI-powered DevOps experiences

Products

Overview Experience

Reimagine conversations with unforgettable customer experiences

OpenText™ Experience Aviator(AI)

Transform customer communications with private generative AI

Products

Overview Observability and Service Management

Get the clarity needed to cut the cost and complexity of IT operations

Automation and Vulnerability Remediation

OpenText™ Service Management Aviator(AI)

Redefine Tier 1 business support functions with self-service capabilities from private generative AI

Products

Overview APIs

Build custom applications using proven OpenText Information Management technology

OpenText™ API Technical Documentation

OpenText™ Aviator Thrust

Build it your way with OpenText Cloud APIs that create the real-time information flows that enable custom applications and workflows

Products

Overview Device and Data Protection

Protect what matters, recover when it counts

Enterprise Data Backup and Disaster Recovery Solutions

Hybrid Work, Email, and Team Collaboration

Unified Endpoint Management Tools

Email Archiving, E-Discovery, Data Archiving Compliance

Connectivity and Document Management

Back

Solutions

Overview Information Reimagined

Get greater visibility and sharper insights from AI-driven information management. Ready to see how?

Solutions

Overview Aviator AI

Break free from silos, streamline processes, and improve customer experiences with secure information management for AI

Solutions

Overview Industry solutions

Improve efficiency, security, and customer satisfaction with OpenText

Solutions

Overview Solutions for Enterprise Applications

Run processes faster and with less risk

Maximize sustained growth, value, and innovation with intelligent enterprise solutions from OpenText and SAP

Connect content to business processes for better productivity and stronger governance

Optimize Salesforce effectiveness by bringing together transactional data and unstructured content

Back

Services

Overview Services

Achieve digital transformation with guidance from certified experts

Professional Services

Modernize your information management with certified experts

Customer Success Services

Unlock the full potential of your information management solution

Support Services

Turn support into your strategic advantage

Managed Services

Extend IT teams with certified OpenText application experts

Learning Services

Discover training options to help users of all skill levels effectively adopt and use OpenText products

Services

Overview Professional Services

Modernize your information management with certified experts

Services

Overview Customer Success Services

Unlock the full potential of your information management solution

Services

Overview Support Services

Turn support into your strategic advantage

Services

Overview Managed Services

Extend IT teams with certified OpenText application experts

Services

Overview Learning Services

Discover training options to help users of all skill levels effectively adopt and use OpenText products

Back

Partners

Overview Find a partner

Information is the heartbeat of every organization. We build information management software so you can build the future

Featured Partners

Public Cloud Partners

Enterprise Application

Partners

Overview Cloud Partners

OpenText partners with leading cloud infrastructure providers to offer the flexibility to run OpenText solutions anywhere

Migrate, optimize and manage information management solutions on AWS

Optimize performance and reduce costs with applications deployed on a secure, globally scaled platform

Accelerate migration and modernization with deployment in a highly secure and compliant public cloud

Partners

Overview Enterprise Application Partners

OpenText partners with top enterprise app providers to unlock unstructured content for better business insights

Maximize sustained growth, value, and innovation with intelligent enterprise solutions from OpenText and SAP

Connect content to business processes for better productivity and stronger governance

Optimize Salesforce effectiveness by bringing together transactional data and unstructured content

Partners

Overview Partner Solutions

Discover flexible and innovative offerings designed to add value to OpenText solutions

Partners

Overview Resources for Partners

Discover the resources available to support and grow Partner capabilities

Back

Overview Customer Support

Get expert product and service support to accelerate issue resolution and keep business flows running efficiently

Overview Resources

Explore detailed services and consulting presentations, briefs, documentation and other resources

What is Key Management?

Illustration of IT items with focus on a question mark

Overview

Cryptography is the foundation of cybersecurity, and can effectively protect both consumer privacy and sensitive data from attackers. When encrypted data is stolen, what may have been a serious breach is only a mere incident: something to continue to protect against, but which has minimal impact and may not even require public disclosure.

OpenText™ Voltage™ SecureData uses cryptographic algorithms and keys, and the proper management of cryptographic keys is essential to effective use of encryption: poor key management can make strong algorithms useless. The National Institute of Standards and Technology (NIST) publishes “Recommendations for Key Management” in Special Publication 80057 (Part 1, Revision 5).

Voltage SecureData

Voltage encryption delivers data privacy protection, neutralizes data breach, and drives business value through secure data use.

Learn more

Key Management

Why is key management important?

Modern, strong encryption is never cracked, but often bypassed. It does not matter how much encryption is done: if keys are not well protected, it takes little for a hacker to obtain the crown jewels, with significant business and reputational impact. Key management is just as important as implementing strong cryptography, and is all too often the Achilles heel of enterprise data security and privacy programs.

How are cryptographic keys generated?

There are two ways to create a cryptographic key: generate a random key, or calculate it. It's easy to understand why random keys are good. There is no computational trick that will help an attacker guess a random value that is any better than just guessing all possible values until they get the right one. But it is also possible to generate keys dynamically, in a manner that is just as secure as the traditional approach: by using random seed material generated once, and then deriving keys on demand based on combining a key “name” or an “identifier” with that seed material.

What are derived keys?

The most secure way to calculate a key is by using a secure key derivation function (KDF), the output of which is a derived key. Derived keys are just as secure as random keys, but they have some significant practical advantages. In particular, they make it much cheaper to buy, use, and maintain systems that employ them.

How are encryption keys stored?

Traditional key management entails a complex sequence: generating keys, marking them “not yet used” backing them up; making them available; assigning names; marking them as “in use” deactivating them, so they are no longer available; and more, including replication, synchronization, archiving, and permissions management. This is tedious, and installations using many encryption keys quickly find that key management is as much or more work than the actual encryption.

Which encryption key generation model is better?

The downside of the random key generation approach is that you must back up each new key before it is used to encrypt data. If you do not, then the protected data will not be able to be decrypted if the key store fails.

Comparatively, derived keys offer some significant practical advantages. Since the secret changes only rarely, backups are infrequently required and the need for the whole create-activate-name-deactivate sequence (other than authorization) is removed. Multiple key servers can be created from a single backup and are guaranteed to derive the same keys from the same inputs, since the original seed material is reused, without requiring any real-time replication or synchronization. There is also no risk of losing keys: if an application loses a derived key, it can be re-derived as easily as generating it in the first place.

How should encryption keys be made available?

Regardless of the key management solution, a significant challenge is to ensure that keys are not mishandled by users. It is critical to disconnect users and developers from key management. Application teams should not be involved in storing, protecting, or rotating encryption keys, and nor should they be allowed to actually possess keys. Instead, they should be provided with key identifiers and an interface to an abstraction layer that automates key generation, retrieval, caching, protection, and refresh.

How can Micro Focus help with key management?

Voltage SecureData by OpenText™ implements stateless key management, giving enterprises unprecedented scale and simplified key management. With Voltage SecureData, key management is also abstracted, which means developers don’t ever hold keys and hence don’t need to store them. Instead they store identities – key names – which can be meaningful strings, such as PAN, SSN, SensitiveData, etc. Developers can store these identities in properties files without any protection, since they are not sensitive. SecureData client software takes care of the key management processes – key retrieval, security, cache, etc. With remote, REST-based operation, keys are never exposed outside of the SecureData server. SecureData enables key derivation at the SecureData server or within an HSM.

Encryption can be hard, and key management is even harder; but there are ways to make key management easier while fully complying with even the most rigorous standards. Voltage SecureData makes key management easy helping to shield this critical aspect of a data security program.