A generic security API for symmetric key management on cryptographic devices

We present a new symmetric key management API for cryptographic devices intended to implement security protocols in distributed systems. Our API has a formal security policy and proofs of security in the symbolic model, under various threat scenarios. This sets it apart from previous APIs such as RSA PKCS#11, which are under-specified, lack a clear security policy and are often subject to attacks. Our design is based on the principle of explicitness: the security policy for a key must be given at creation time, and this policy is then included in any ciphertext containing the key. Our API also contains novel features such as the possibility of insisting on a freshness check before accepting an encrypted key for import. To show the applicability of our design, we give an algorithm for automatically instantiating the API commands for a given key management protocol and apply it on the Clark–Jacob protocols suite.