Skip to main content


Home Key encryption key

Key encryption key

(also KEK)

Key encryption key definition

A key encryption key, often shortened as KEK, is a cryptographic key that protects other keys. KEKs provide an extra security layer that is essential when cryptographic keys are sent or stored. Even if a hacker manages to get a key that’s been encrypted by KEK, they won’t be able to use it.

See also: encryption key, cryptographic key, AES encryption, SSL encryption, transport layer, secure shell

The history of key encryption keys

Key encryption keys have grown in importance with the rise of online communication and the internet.

One of the first times key encryption keys were used was with the Data Encryption Standard, which provided a way to lock electronic data using a single key.

As more sensitive information started to be shared and kept online, standards like the Advanced Encryption Standard (AES), Secure Sockets Layer (SSL), and Transport Layer Security (TLS) started using key encryption keys in their systems.

In modern-day cryptography, KEKs provide security for many areas, including secure email, Secure Shell (SSH), internet protocols, and hardware security modules (HSMs).