Key Management

Key management encompasses the policies, procedures, and cryptographic mechanisms used to generate, distribute, store, rotate, revoke, and destroy encryption keys throughout their lifecycle—the discipline that determines whether encryption protects or merely decorates.

Definition

Key management is the complete set of operations involved in handling cryptographic keys from creation to destruction: generation, distribution, storage, usage, rotation, backup, recovery, and revocation. It is the operational discipline that determines whether a cryptographic system is secure in practice, not just in theory. AES-256 is mathematically unbreakable, but if the key is stored in a plaintext config file, emailed to a colleague, or backed up to an unencrypted drive, the encryption is theater.

Key management systems (KMS) formalize these operations. Cloud providers offer managed KMS services (AWS KMS, Google Cloud KMS, Azure Key Vault). Hardware security modules (HSMs) provide tamper-resistant key storage in dedicated hardware. The NIST Special Publication 800-57 defines a comprehensive key management framework that has become the de facto standard for government and enterprise deployments.

Why It Matters

In 2024, Thales’s Global Data Threat Report found that 56% of organizations had experienced a data breach involving encrypted data where the encryption was bypassed through compromised keys—not broken algorithms. The cryptography held. The key management failed. Ponemon Institute research from the same year showed that the average enterprise manages over 50,000 encryption keys, with 60% of security professionals admitting they lack full visibility into where all their keys are stored.

Key management failures have produced some of the most consequential security incidents in recent history. The 2017 Equifax breach—which exposed the personal data of 147 million people—was enabled in part by an expired SSL certificate that went unnoticed for 19 months, a key management oversight that left a critical intrusion detection system blind. Uber’s 2016 breach, which exposed data on 57 million users and drivers, was traced to engineers who stored AWS access keys in a GitHub repository.

The pattern is consistent: algorithms do not fail. Key management does. The strongest cipher in the world protects nothing if the key is mishandled.

How It Works

Key management spans the entire key lifecycle:

Generation: Keys must be generated using cryptographically secure random number generators (CSPRNGs). Predictable or insufficiently random keys are vulnerable to brute-force and statistical attacks. The Web Crypto API provides access to the operating system’s CSPRNG via crypto.getRandomValues() and crypto.subtle.generateKey().
Distribution: Keys must reach their intended recipients without interception. Key agreement protocols like Diffie-Hellman and X3DH establish shared secrets over insecure channels. In E2EE systems, public keys are distributed via key servers or out-of-band verification.
Storage: Keys at rest must be protected. HSMs store keys in tamper-evident hardware. Software-based approaches use key-wrapping (encrypting keys with other keys) or OS-level secure enclaves. The most radical approach: do not store keys at all. Generate them ephemerally and destroy them after use.
Rotation: Keys should be rotated periodically to limit the impact of undetected compromise. NIST recommends key rotation intervals based on usage volume and key type. Rotation requires seamless re-encryption of data under new keys without service interruption.
Revocation and destruction: When keys are compromised or no longer needed, they must be revoked (preventing further use) and destroyed (ensuring no recovery is possible). Cryptographic shredding is the ultimate form of key destruction—rendering all associated ciphertext permanently irrecoverable.

Stealth Cloud Relevance

Stealth Cloud takes the most aggressive possible position on key management: keys are ephemeral, client-side, and never stored. Every Ghost Chat session generates a unique AES-256-GCM key via the Web Crypto API in the user’s browser. That key exists only in browser memory for the duration of the session. It is never transmitted to the server. It is never written to localStorage, IndexedDB, or any persistent store. When the session ends, the CryptoKey object is released and the JavaScript garbage collector reclaims the memory.

This eliminates four of the five key management stages entirely. There is no distribution (the key never leaves the client). There is no storage (the key exists only in RAM). There is no rotation (each session uses a fresh key). There is no revocation (the key self-destructs). Only generation remains—and that is delegated to the browser’s CSPRNG, which sources entropy from the operating system.

The Stealth Cloud architecture achieves its security properties not by managing keys well, but by designing a system where the attack surface of key management is reduced to a single operation: generation. Every other stage of the lifecycle is eliminated by ephemerality.

The Stealth Cloud Perspective

The safest key is the one that exists for the shortest possible time in the fewest possible places. Stealth Cloud reduces that to one place (browser memory) and one duration (the session)—because the best key management strategy is to need almost none at all.