凡是密码数据系统,都需具备加密与脱密两种互反的基本操作。有效密钥管理操作是利用加/脱密操作将密钥“从用一种密钥加密变换成用到另一种密钥加密”,它能消除这两种操作互反的特性。使这种不可逆或单向性得以实现的方法有两种,一种是每次传输使用不同主密钥,另一种是从单一的主密钥派生出不同的密钥。对后者作了深入分析,讨论了一种比较有效的方法。 Any password data system, must have both encryption and decryption of the opposite of the basic operation. Effective key management is the use of encryption / decryption operation of the key “from one key encryption to another key encryption”, it can eliminate the opposite of these two features. There are two ways to make this kind of irreversibility or unidirectionality. One is to use different master keys for each transfer, and the other is to derive different keys from a single master key. The latter is analyzed in depth, and a more effective method is discussed.