Rekeying

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Rekeying a lock is replacing the old lock pins with new lock pins. Locks are usually re keyed to build master-key systems, make a set of locks share a common key, or to eliminate compromised keys. Sometimes worn pins are replaced with new pins if the old pins become too short to reach the shear-line. The shear-line is the thin line shared by the plug[1] and it's cylindrical housing. If a pin sits flush with the circumference of the plug it will allow lock rotation. Lock cylinders use different length pins in different combinations to create relatively unique key bitting. Most keys have 5 cuts from bow to tip. If a key has 5 cuts, the lock has 5 pins. Different brand locks each vary in many small ways, this is most true when servicing them. Many manufacturers offer product specific manuals[2]. Information disclosed in manufacturer manuals is often otherwise difficult to find, as is locksmith material in general.

Pins are manufactured in .003" increments and .005" increments, pin kits contain a array of pins organized by length. Lock manufacturers each use specific depth and spacing allowing organized master-key[3] systems to be complex, large, and manageable. A standard pin kit offers the exact size variety needed. Using manufacturer depths permits easy keying, but often you must deviate slightly for optimum accuracy. Pin kits provide master- wafers, top- pins, and springs for a thorough cylinder rebuild. Replace any worn parts, rekey, lubricate, and reassemble. Check to see that the keys work well, check remaining customer keys if any and reinstall.

To rekey a lock you have to first remove the lock cylinder from any housing it rests in. The lock cylinder must be disassembled, and the plug removed. Use a plug follower[4] to avoid dropping master-wafers, top pins and springs. The plug has cylindrical chambers spaced according to manufacturer specifications. Pins are contained in these chambers where they are pushed down by springs or raised by a key. Each cut sits under a chamber of its own, each pin sits on a cut of its own. Place the correct pins in each chamber, bringing the top of each new pin flush with the shear-line. Check the upper chambers using a master-follower for old unused master wafers and remove any. If any springs are noticeably weak or the lock was especially dirty replace the springs. If the old pins are rounded from use or otherwise show excessive wear replace springs. Reinsert the plug taking care not to drop top pins into any unused chamber. Test key, make slight adjustments if needed and reassemble.


Rekeying was first invented in 1836 by Solomon Andrews, a New Jersey locksmith. His lock had adjustable tumblers and keys, allowing the owner to rekey it at any time. Later in the 1850s, inventors Andrews and Newell patented removable tumblers which could be taken apart and scrambled. The keys had bits that were interchangeable, matching varying tumbler configurations. This arrangement later became the basis for combination locks.[5]

In cryptography[edit]

In cryptography, rekeying refers to the process of changing the session key -- the encryption key of an ongoing communication -- in order to limit the amount of data encrypted with the same key.

Roughly equivalent to the classical procedure of changing codes on a daily basis, the key is changed after a pre-set volume of data has been transmitted or a given period of time has passed.

In contemporary systems, rekeying is implemented by forcing a new key exchange, typically through a separate protocol like Internet key exchange (IKE). The procedure is handled transparently to the user.[citation needed]

A prominent application is Wi-Fi Protected Access (WPA), the extended security protocol for wireless networks that addresses the shortcomings of its predecessor, WEP, by frequently replacing session keys through the Temporal Key Integrity Protocol (TKIP), thus defeating some well-known key recovery attacks.

In Public Key Infrastructure, rekeying (or "re-keying") leads to issuance of new certificate[6] (in contrast to certificate renewal - issuance of new certificate for the same key, which is usually not allowed by CAs).

See also[edit]

References[edit]

External links[edit]