Intelligence & Security

DoD Public Key Infrastructure

A Cryptography Key is a piece of information (a parameter) that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa during decryption. Keys are also used in other cryptographic algorithms, such as digital signature schemes and message authentication codes. Most keys are small and generated truly randomly and contain sufficient entropy. This is to prevent a key from being guessed. [1]

The DoD implements the DoD Public Key Infrastructure (PKI) and the DoD Coalition PKI to satisfy operational needs and requirements. The PKI framework and service provider for the generation, production, distribution, control, accounting, and destruction of PK certificates. These PKIs are operated by the DoD PKI Program Management Office (PMO) and are certified and accredited in accordance with DoD Instruction 8510.01 “DoD Information Assurance Certification and Accreditation Process (DIACAP)”.

PKI provides an encryption capability and can be a tool for complying with encryption requirements in DoD Instruction 8520.01 “Public Key Infrastructure (PKI) and Public Key (PK) Enabling”. If an information system uses PKI for encryption of information in transit or at rest, then that system shall follow DoD Information Security Program policy, DoD Instruction 5200.01 “DoD Information Security Program and Protection of Sensitive Compartmented Information”.

The Common Access Card (CAC) is the primary hardware token for identifying individuals for logical access to NIPRNET resources and physical access to DoD facilities. The CAC hardware token protects the private keys associated with identity, authentication, signature, and encryption certificates issued by the DoD PKI for use in unclassified environments.

The Department of Defense (DoD) Approved Cryptography Encryption Levels:

  • Type 1 – U.S. Classified
  • Type 2 – U.S. Federal Inter-Agency
  • Type 3 – Interoperable Inter-Agency (Federal, State and Local) & Commercial Use
  • Type 4 – Proprietary

Aproved cryptography consists of 3 certified components:

  1. An approved algorithm
  2. An implementation that as been approved for the protection of classified information in a particular environment; nearly always a dedicated device
  3. A supporting key management infrastructure

AcqLinks and References:

Updated: 6/21/2018

Leave a Reply