LOCKMA: Lincoln Open Cryptographic Key Management


This technology is a self-contained software-based cryptography and key-management solution that is applicable to any crypto-based system or device, including small, embedded devices such as microcontrollers and field-programmable gate arrays (FPGAs), and software systems.

Problem Addressed

Modern cryptography offers a variety of encryption schemes for the protection of information.Each scheme requires keys to encrypt and decrypt information. Encryption works by scrambling information into unintelligible ciphertext by using an encryption algorithm and a short cryptographic key. Decryption restores original information from ciphertext by using a complementary decryption algorithm and a decryption key. Although many efficient and ironclad secure encryption solutions have been standardized, these solutions are not universally used or embedded in miniature devices and computer systems. The main reason is the lack of generic, easy-to-deploy, and easy-to-use solutions for key management (KM). The MIT Lincoln Laboratory Open Cryptographic Key Management Architecture (LOCKMA) solves the KM problems by providing a highly portable software library that serves as a foundation for a secure communication system.


The fundamental challenge that LOCKMA solves is the complex life cycle of cryptographic keys, thereby enabling broad employment of cryp­tographic protections in devices. For a given key, some of the KM functions involve cryptographic algorithms and other keys. Thus, a given device or system may have to deal with numer­ous keys for different users, different sessions, different communication channels, different communicants, or different data instances. It is this com­plexity of key management that has prevented the proliferation of stan­dard cryptographic solutions into the mainstream. 

LOCKMA offers the following KM functionality to its applications: 

  • Creating cryptographic keys 
  • Associating keys with their purposes 
  • Protecting keys at rest in both vola­tile and nonvolatile memory 
  • Making the keys available for autho­rized encryptions and authorized decryptions 
  • Delivering keys securely to autho­rized remote locations 
  • Archiving keys 
  • Evolving keys with time 
  • Retiring expired keys

In short, LOCKMA enables cryptographic protections of static and dynamic data through key management


  • Application agnostic, user-friendly, simple to apply to a multitude of problems, and transparent to higher-level user-defined software development
  • Usable: small, intuitive programming interface to its KM functions
  • Extensible: LOCKMA’s open architecture can be easily integrated into existing and new devices and can be extended to use new cryptographic algorithms, modes, or key lengths in a straightforward manner