Key strength can be measured in "bits of security", as described in the documentation of NIST and other organizations. The "bits of security" of each individual key are computed, and the different key types (AES, DES, ECC, RSA, HMAC) can then have their relative strengths compared on a single scale. When the raw value of a particular key falls between discrete values of the NIST table, the lower value from the table is used as the "bits of security".
The following tables show some examples of the restrictions due to key strength. When wrapping an HMAC key with an AES key-encrypting key, the strength of the AES key-encrypting key depends on the attributes of the HMAC key.
Key-usage field 2 in the HMAC key | Minimum strength of AES EXPORTER to adequately protect the HMAC key |
---|---|
SHA-256, SHA-384, SHA-512 | 256 bits |
SHA-224 | 192 bits |
SHA-1 | 128 bits |

Bit length of AES key to be exported | Minimum strength of RSA wrapping key to adequately protect the AES key |
---|---|
128 | 3072 |
192 | 7860 |
256 | 15360 |
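
The round-down rule and the two tables above can be checked mechanically before a wrap is attempted. The following Python sketch is an added example, not code from the original documentation; the function names, the request tuple layout and the sample requests are constructed for illustration, and rating an RSA key below the smallest table row as 0 is an assumption.

```python
from bisect import bisect_right

# Rows copied from the second table above: (RSA modulus bits, bits of security).
RSA_ROWS = [(3072, 128), (7860, 192), (15360, 256)]
# First table above: hash in HMAC key-usage field 2 -> minimum AES EXPORTER bits.
HMAC_MIN_AES = {"SHA-1": 128, "SHA-224": 192,
                "SHA-256": 256, "SHA-384": 256, "SHA-512": 256}
AES_SIZES = (128, 192, 256)

def rsa_bits_of_security(modulus_bits):
    """Round an RSA size down to the nearest table row.

    Assumption: sizes below the smallest row are rated 0 (not in the table).
    """
    idx = bisect_right([size for size, _ in RSA_ROWS], modulus_bits)
    return RSA_ROWS[idx - 1][1] if idx else 0

def rate_wrap(wrapper_type, wrapper_bits, target_type, target_attr):
    """Return (have, need) in bits of security for one wrap request."""
    if (wrapper_type, target_type) == ("RSA", "AES") and target_attr in AES_SIZES:
        return rsa_bits_of_security(wrapper_bits), target_attr
    if ((wrapper_type, target_type) == ("AES", "HMAC")
            and wrapper_bits in AES_SIZES and target_attr in HMAC_MIN_AES):
        return wrapper_bits, HMAC_MIN_AES[target_attr]
    raise ValueError(f"combination not covered by the tables: "
                     f"{wrapper_type}-{wrapper_bits} -> {target_type} {target_attr}")

def audit(requests):
    """Return (request, have, need) for every wrap whose wrapper is too weak."""
    findings = []
    for request in requests:
        have, need = rate_wrap(*request)
        if have < need:
            findings.append((request, have, need))
    return findings

# Constructed sample requests: (wrapper type, wrapper bits, target type, target attribute)
SAMPLE_REQUESTS = [
    ("RSA", 4096, "AES", 128),        # 4096 rounds down to the 3072 row: adequate
    ("RSA", 4096, "AES", 256),        # still only 128 bits of security: too weak
    ("AES", 128, "HMAC", "SHA-256"),  # SHA-256 HMAC key needs a 256-bit exporter
    ("AES", 256, "HMAC", "SHA-512"),  # adequate
    ("RSA", 2048, "AES", 128),        # below the smallest row: too weak
]

if __name__ == "__main__":
    for request, have, need in audit(SAMPLE_REQUESTS):
        print(f"REJECT {request}: wrapper gives {have} bits, target needs {need}")
```

A 4096-bit RSA key falls between two rows, so it is rated at the lower row's 128 bits and can protect only a 128-bit AES key.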