This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[Key Life cycle] is the progression of a [Key] through the various [states] of its [Life cycle]. A key is [managed|Key Management] differently depending upon its [state] in the [{$pagename}]. The [{$pagename}] states are defined from a system point-of-view, as opposed to the point-of-view of a single cryptographic module.
[{$pagename}] is defined in [NIST.SP.800-57].
!! Pre-activation State
The key has been generated ([Key Generation]) but has not been [authorized] for use. In this state, the key may only be used to perform proof-of-possession or key confirmation. Other than for proof-of-possession or key-confirmation purposes, a key shall not be used to apply [cryptographic] protection to information (e.g., [encrypt] plaintext or generate a [Digital Signature]) or to process [cryptographically] protected information (e.g., decrypt ciphertext or verify a digital signature) while in this state.
!! Active State
The [key] may be used to cryptographically protect information (e.g., encrypt plaintext or generate a digital signature), to cryptographically process previously protected information (e.g., decrypt ciphertext or verify a digital signature) or both.
!! Suspended State
The use of a key or key pair may be suspended for several possible reasons; in the case of asymmetric key pairs, both the public and private keys shall be suspended at the same time. One reason for a suspension might be a possible key compromise, and the suspension has been issued to allow time to investigate the situation. Another reason might be that the entity that owns a digital signature key pair is not available (e.g., is on an extended leave of absence); signatures purportedly signed during the suspension time would be invalid.
!! Deactivated State
Keys in the deactivated state shall not be used to apply cryptographic protection, but in some cases, may be used to process cryptographically protected information.
!! Compromised State
Generally, [keys] are compromised when they are released to or determined by an [unauthorized] [entity]. A compromised key shall not be used to apply cryptographic protection to [data].
However, in some cases, a compromised key or a public key that corresponds to a compromised [Private Key] of a [Key pair] may be used to process cryptographically protected information. For [example], a signature may be verified to determine the integrity of signed data if its signature has been physically protected since a time before the compromise occurred. This processing shall be done only under very highly controlled conditions, where the users of the information are fully aware of the possible consequences.
A Compromised State may require [Key Revocation].
!! [Destroyed State|Key Deletion]
The key has been destroyed. Even though the key no longer exists when in this state, certain key metadata (e.g., key state transition history, key name, type, and cryptoperiod) may be retained for audit purposes. It is possible that a compromise of the destroyed key could be determined after the key has been destroyed. In this case, the compromise should be recorded.
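The state machine the sections above describe, as an added Python example (not code from this page or from NIST): it encodes which operations each state permits, keeps the transition history and compromise record after destruction, and rejects transitions that are not allowed. The transition table is an assumption modelled on the SP 800-57 state diagram rather than something this page enumerates; `ManagedKey`, `ALLOWED_OPS` and `TRANSITIONS` are names invented here.

```python
from enum import Enum

# The six lifecycle states named on this page.
S = KeyState = Enum("KeyState", "PRE_ACTIVATION ACTIVE SUSPENDED "
                    "DEACTIVATED COMPROMISED DESTROYED")
# Operations permitted per state, from the page: "protect" = encrypt / sign,
# "process" = decrypt / verify, "pop" = proof-of-possession or key confirmation.
ALLOWED_OPS = {
    S.PRE_ACTIVATION: {"pop"}, S.ACTIVE: {"protect", "process"},
    S.SUSPENDED: set(), S.DEACTIVATED: {"process"},
    S.COMPROMISED: {"process"},  # and only under highly controlled conditions
    S.DESTROYED: set(),
}
# Permitted transitions: an assumption modelled on the SP 800-57 state
# diagram; the page itself does not enumerate them.
TRANSITIONS = {
    S.PRE_ACTIVATION: {S.ACTIVE, S.DEACTIVATED, S.COMPROMISED, S.DESTROYED},
    S.ACTIVE: {S.SUSPENDED, S.DEACTIVATED, S.COMPROMISED, S.DESTROYED},
    S.SUSPENDED: {S.ACTIVE, S.DEACTIVATED, S.COMPROMISED, S.DESTROYED},
    S.DEACTIVATED: {S.COMPROMISED, S.DESTROYED},
    S.COMPROMISED: {S.DESTROYED}, S.DESTROYED: set(),
}

class ManagedKey:
    """Lifecycle state of one key; its metadata outlives the key material."""
    def __init__(self, name, material):
        self.name, self.material = name, material
        self.state = S.PRE_ACTIVATION
        self.history = [self.state]  # state transition history, kept for audit
        self.compromise_recorded = False

    def transition(self, new_state):
        if new_state not in TRANSITIONS[self.state]:
            raise ValueError(f"{self.state.name} -> {new_state.name} not allowed")
        if new_state is S.DESTROYED:
            self.material = None  # the key no longer exists; metadata remains
        self.state = new_state
        self.history.append(new_state)

    def record_compromise(self):
        # A compromise found after destruction is recorded, not transitioned.
        self.compromise_recorded = True
        if self.state is not S.DESTROYED:
            self.transition(S.COMPROMISED)

    def may(self, op, controlled=False):
        # Compromised keys may process data only under highly controlled conditions.
        if op not in ALLOWED_OPS[self.state]:
            return False
        return controlled or self.state is not S.COMPROMISED
```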
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]