The cryptographic key management system (CKMS) consists of policies, procedures, components and devices that are used to protect, manage, and distribute cryptographic keys and certain specific information, called metadata. A CKMS includes all devices or sub-systems that can access an unencrypted key or its metadata. Encrypted keys and their cryptographically protected metadata can be handled by computers and transmitted through communications systems and stored in media that are not considered to be part of a CKMS.
Figure 1 - An example of a CKMS using split key administration.
Figure 1 shows a CKMS managing the organization's keys. Many industry regulations require organizations to control their own keys, which can be done on-premise or from a trusted third-party service. It shows the requirement for multiple administrators to accomplish management tasks requiring multiple split keys to perform a cryptographic operation.