In a heterogeneous Key Management System (KMS) environment there is generally no trust between the different entities. Mother keys therefore cannot be exchanged; random keys, or keys derived from the mother keys, must be exchanged instead. A business thus needs to exchange a set of derived keys. Those keys are linked to business data (metadata) including at least data relating to an identifier; this metadata serves to retrieve the identity, usage and origin of the set of keys.
In general there are huge numbers of random or derived keys to exchange, and it is a significant problem to ensure the integrity of such a set of keys together with its metadata, not merely of each key cryptogram taken alone, so that one key inside a set cannot be replaced by another (for example the ENC, DEK and MAC keys of a key set used in SCP03).
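The substitution problem described above can be made concrete. The following Python script is an added illustration and is not part of the original application: it contrasts a transport format in which each key cryptogram carries its own MAC with one in which a single MAC binds the whole set and its metadata (identifier, origin, usage, key version, key order). The transport MAC key, the set identifiers and the cryptograms are constructed values; the cryptograms are opaque bytes because the point is integrity binding, not the wrapping algorithm, and HMAC-SHA256 stands in for whatever MAC the transport actually uses.

```python
import hmac
import hashlib
import json
from copy import deepcopy

# Constructed values (not from the original text).  The transport MAC key is
# assumed to be shared between the sending and receiving KMS; in practice it is
# itself a random or derived key, never a mother key.
TRANSPORT_MAC_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
KEY_TYPES = ("ENC", "MAC", "DEK")  # static key set layout as in SCP03


def _canonical(obj) -> bytes:
    """Deterministic serialization so sender and receiver MAC identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _mac(data: bytes) -> str:
    return hmac.new(TRANSPORT_MAC_KEY, data, hashlib.sha256).hexdigest()


# --- Weak format: metadata in clear, one MAC per key cryptogram ---------------
def package_per_key(set_id, origin, kvn, cryptograms):
    entries = [{"type": t, "cryptogram": cryptograms[t].hex(),
                "tag": _mac(cryptograms[t])} for t in KEY_TYPES]
    return {"set_id": set_id, "origin": origin, "usage": "SCP03",
            "kvn": kvn, "entries": entries}


def verify_per_key(pkg) -> bool:
    # Each tag depends only on its own cryptogram, not on the set or metadata.
    return all(hmac.compare_digest(_mac(bytes.fromhex(e["cryptogram"])), e["tag"])
               for e in pkg["entries"])


# --- Bound format: one MAC over metadata + ordered cryptograms ----------------
def package_bound(set_id, origin, kvn, cryptograms):
    body = {"set_id": set_id, "origin": origin, "usage": "SCP03", "kvn": kvn,
            "keys": [{"index": i, "type": t, "cryptogram": cryptograms[t].hex()}
                     for i, t in enumerate(KEY_TYPES)]}
    return {"body": body, "tag": _mac(_canonical(body))}


def verify_bound(pkg) -> bool:
    return hmac.compare_digest(_mac(_canonical(pkg["body"])), pkg["tag"])


# --- Attacker actions on data in transit --------------------------------------
def swap_key(pkg_a, pkg_b, key_type="DEK"):
    """Replace one key of set A with the same-typed key (and tag) from set B."""
    t = deepcopy(pkg_a)
    if "entries" in t:  # per-key format
        for ea, eb in zip(t["entries"], pkg_b["entries"]):
            if ea["type"] == key_type:
                ea["cryptogram"], ea["tag"] = eb["cryptogram"], eb["tag"]
    else:               # bound format
        for ka, kb in zip(t["body"]["keys"], pkg_b["body"]["keys"]):
            if ka["type"] == key_type:
                ka["cryptogram"] = kb["cryptogram"]
    return t


def relabel(pkg, new_set_id):
    """Re-address a key set to a different identifier without touching the keys."""
    t = deepcopy(pkg)
    (t["body"] if "body" in t else t)["set_id"] = new_set_id
    return t


def demo():
    # Two genuine key sets produced by the same KMS under the same transport key.
    crypt_a = {t: hashlib.sha256(b"A-" + t.encode()).digest()[:16] for t in KEY_TYPES}
    crypt_b = {t: hashlib.sha256(b"B-" + t.encode()).digest()[:16] for t in KEY_TYPES}
    weak_a = package_per_key("KS-0001", "KMS-A", 0x30, crypt_a)
    weak_b = package_per_key("KS-0002", "KMS-A", 0x30, crypt_b)
    bound_a = package_bound("KS-0001", "KMS-A", 0x30, crypt_a)
    bound_b = package_bound("KS-0002", "KMS-A", 0x30, crypt_b)
    return {
        "per_key_genuine": verify_per_key(weak_a),
        "per_key_swapped": verify_per_key(swap_key(weak_a, weak_b)),   # accepted!
        "per_key_relabelled": verify_per_key(relabel(weak_a, "KS-0099")),  # accepted!
        "bound_genuine": verify_bound(bound_a),
        "bound_swapped": verify_bound(swap_key(bound_a, bound_b)),     # rejected
        "bound_relabelled": verify_bound(relabel(bound_a, "KS-0099")),  # rejected
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:20s} {'accepted' if ok else 'rejected'}")
```

The per-key format accepts both the DEK substituted from another genuine set and the set re-addressed to a different identifier, because nothing ties a cryptogram to its neighbours or to the metadata. The bound format rejects both, since any change to the identifier, origin, usage, key version, key order or any cryptogram alters the bytes under the single MAC.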
Further alternatives to the prior art, and more advantageous solutions, are accordingly desirable for transporting cryptographic material generated randomly or derived from a secret key.