A wide-area measurement system (WAMS) is a system that provides a time-synchronized view of electrical conditions over a large geographical area, thereby enhancing the situational awareness of the energy management system of a power grid. With this enhanced situational awareness, utilities would be able to react promptly to contingencies and prevent large-scale blackouts. To secure WAMS communications, we propose WAMS key management (WAKE), a comprehensive key management scheme targeting a concrete set of security objectives derived from NIST's security impact level ratings. For security objectives involving unicast, WAKE employs industry-standard security protocols. For security objectives involving multicast, we show that the scheme standardized by the IEC is inadequate, and identify multicast authentication as a requirement. We investigate two recent multicast authentication schemes designed for power grid communications: TV-HORS and tunable signing and verification (TSV), which supposedly improves on TV-HORS. We show that TSV is vulnerable, and propose a patched version of TSV called TSV+. Systematic comparison of TV-HORS and TSV+ shows that TV-HORS provides significantly more efficient signing and verification for the same security level at the expense of signature size. Consequently, TV-HORS is chosen as part of WAKE for multicast authentication.