Overview#Key Life cycle describes the states of a Key as it transitions through the various states of its life cycle.
A key is managed differently depending upon its state in the Key Life cycle. Key Life cycle states are defined from a system point-of-view, as opposed to the point-of-view of a single cryptographic module.
Key Life cycle is defined in NIST.SP.800-57
Pre-activation State#The key has been generated, but has not been authorized for use. In this state, the key may only be used to perform proof-of-possession or key confirmation. Other than for proof-of-possession or key-confirmation purposes, a key shall not be used to apply cryptographic protection to information (e.g., encrypt plaintext or generate a digital signature) or to process cryptographically protected information (e.g., decrypt ciphertext or verify a digital signature) while in this state.
Active State#The key may be used to cryptographically protect information (e.g., encrypt plaintext or generate a digital signature), to cryptographically process previously protected information (e.g., decrypt ciphertext or verify a digital signature) or both.
Suspended State#The use of a key or key pair may be suspended for several possible reasons; in the case of asymmetric key pairs, both the public and private keys shall be suspended at the same time. One reason for a suspension might be a possible key compromise, and the suspension has been issued to allow time to investigate the situation. Another reason might be that the entity that owns a digital signature key pair is not available (e.g., is on an extended leave of absence); signatures purportedly signed during the suspension time would be invalid.
Deactivated State#Keys in the deactivated state shall not be used to apply cryptographic protection, but in some cases, may be used to process cryptographically protected information.
Compromised State#Generally, keys are compromised when they are released to or determined by an unauthorized entity. A compromised key shall not be used to apply cryptographic protection to information.
However, in some cases, a compromised key or a public key that corresponds to a compromised private key of a key pair may be used to process cryptographically protected information. For example, a signature may be verified to determine the integrity of signed data if its signature has been physically protected since a time before the compromise occurred. This processing shall be done only under very highly controlled conditions, where the users of the information are fully aware of the possible consequences.
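The permitted operations per state and the transitions between the states above, as an added example in Python that is not from this page or from NIST.SP.800-57 itself: the transition graph, the `controlled` flag for compromised keys, and the integer timestamps are assumptions, and `signed_while_active` applies the rule that a signature dated inside a suspension is invalid.

```python
from enum import Enum, auto

class KeyState(Enum):
    PRE_ACTIVATION = auto()
    ACTIVE = auto()
    SUSPENDED = auto()
    DEACTIVATED = auto()
    COMPROMISED = auto()

class Op(Enum):
    PROOF_OF_POSSESSION = auto()  # also covers key confirmation
    PROTECT = auto()              # encrypt plaintext / generate a signature
    PROCESS = auto()              # decrypt ciphertext / verify a signature

# Operations each state permits, taken from the state descriptions above.
PERMITTED = {
    KeyState.PRE_ACTIVATION: {Op.PROOF_OF_POSSESSION},
    KeyState.ACTIVE: {Op.PROOF_OF_POSSESSION, Op.PROTECT, Op.PROCESS},
    KeyState.SUSPENDED: set(),
    KeyState.DEACTIVATED: {Op.PROCESS},
    KeyState.COMPROMISED: {Op.PROCESS},  # and only under controlled conditions
}
# Transition graph as modelled here (assumption: only Suspended can return to Active).
TRANSITIONS = {
    KeyState.PRE_ACTIVATION: {KeyState.ACTIVE, KeyState.COMPROMISED},
    KeyState.ACTIVE: {KeyState.SUSPENDED, KeyState.DEACTIVATED, KeyState.COMPROMISED},
    KeyState.SUSPENDED: {KeyState.ACTIVE, KeyState.DEACTIVATED, KeyState.COMPROMISED},
    KeyState.DEACTIVATED: {KeyState.COMPROMISED},
    KeyState.COMPROMISED: set(),
}

class ManagedKey:
    def __init__(self, created_at):
        self.history = [(created_at, KeyState.PRE_ACTIVATION)]  # (time, state) log
    @property
    def state(self):
        return self.history[-1][1]
    def transition(self, new_state, at):
        if new_state not in TRANSITIONS[self.state] or at < self.history[-1][0]:
            raise ValueError(f"{self.state.name} -> {new_state.name} refused at {at}")
        self.history.append((at, new_state))
    def may(self, op, controlled=False):
        # A compromised key may only process, and only under controlled conditions.
        if self.state is KeyState.COMPROMISED:
            return op is Op.PROCESS and controlled
        return op in PERMITTED[self.state]
    def signed_while_active(self, signed_at):
        # Signatures dated inside a suspension, or outside the key's active period, are invalid.
        seen = [s for s in self.history if s[0] <= signed_at]
        return bool(seen) and seen[-1][1] is KeyState.ACTIVE
```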