Which statement about generation of strong crypto keys is required?

• A. The procedures require to share keys publicly
• B. The procedures specify only the length of keys
• C. The procedures allow random strings as keys
• D. The procedures specify how to generate strong keys

Answer: (D)

Generating strong cryptographic keys requires a clearly defined procedure that specifies how those keys are created. Merely giving a key length or allowing any random string doesn’t guarantee strength; the randomness source, algorithm, and overall generation method all determine how unpredictable and resistant the key is to attacks. A documented process ensures keys are created with adequate entropy, use appropriate cryptographic algorithms, and align with the intended use, while also enabling auditability and consistent security practices. Sharing keys publicly is insecure and undermines protection, and relying on random strings without a vetted generation method can lead to weak or nonstandard keys. By specifying how to generate strong keys, the procedures ensure keys truly meet the desired security properties and can be trusted across systems and processes.