Cryptography
Master Key
Also known as: Root key, Master encryption key (MEK)
Definition
A high-value long-term key from which other cryptographic keys are derived or which directly encrypts other keys.
Examples
- An AWS KMS customer master key (CMK) wraps data keys used by S3 server-side encryption.
- A BIP32 hierarchical-deterministic wallet derives all account keys from a single master seed.
Related terms
Cryptographic Key
A high-entropy secret or public value that parameterizes a cryptographic algorithm to encrypt, decrypt, sign or authenticate data.
Session Key
A short-lived symmetric key used to protect a single communication session and then discarded.
Key Derivation Function (KDF)
A cryptographic function that derives one or more strong cryptographic keys from a secret input such as a password, shared secret or master key.
Key Rotation
The periodic replacement of cryptographic keys with new ones to limit the volume of data protected by any single key and contain the impact of compromise.
Key Escrow
An arrangement in which copies of cryptographic keys are stored with a trusted third party so they can be recovered by authorized entities under defined conditions.
Encryption
The cryptographic transformation of plaintext into ciphertext using an algorithm and key so that only authorized parties can recover the original data.