Rekeying is changing a lock thus allowing a different key to operate it. Rekeying is done when a lock owner may be concerned that unauthorized people have keys to the lock. The lock may be altered by a locksmith thus only new keys will work. Rekeying is the relatively simple process of changing the tumbler or wafer configuration of the lock thus a new key will function while the old one will not. Rekeying is done without replacement of the entire lock.
Rekeying was first invented in 1836 by Solomon Andrews, a New Jersey locksmith. His lock had adjustable tumblers and keys, allowing the owner to rekey it at any time. Later in the 1850s, inventors Andrews and Newell patented removable tumblers which could be taken apart and scrambled. The keys had bits that were interchangeable, matching varying tumbler configurations. This arrangement later became the basis for combination locks.
||It has been suggested that this section be split out into another article. (Discuss) (February 2017)|
Roughly equivalent to the classical procedure of changing codes on a daily basis, the key is changed after a pre-set volume of data has been transmitted or a given period of time has passed.
In contemporary systems, rekeying is implemented by forcing a new key exchange, typically through a separate protocol like Internet key exchange (IKE). The procedure is handled transparently to the user.
A prominent application is Wi-Fi Protected Access (WPA), the extended security protocol for wireless networks that addresses the shortcomings of its predecessor, WEP, by frequently replacing session keys through the Temporal Key Integrity Protocol (TKIP), thus defeating some well-known key recovery attacks.
In Public Key Infrastructure, rekeying (or "re-keying") leads to issuance of new certificate (in contrast to certificate renewal - issuance of new certificate for the same key, which is usually not allowed by CAs).
- Phillips, Bill (2005). The Complete Book of Locks and Locksmithing. Chicago: McGraw-Hill Professional. p. 9. ISBN 0-07-144829-2.
- "Certificate Re-key". Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. IETF. p. 30. sec. 4.4.7. RFC 3647. https://tools.ietf.org/html/rfc3647#section-4.4.7.