Part 1: General - Computer Security Resource Center - National ...
Part 1: General - Computer Security Resource Center - National ...
Part 1: General - Computer Security Resource Center - National ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
7 Key States and Transitions<br />
A key may pass through several states between its generation and its destruction.<br />
March, 2007<br />
7.1 Key States<br />
A key is used differently depending upon its state in the life cycle. Key states are defined from a<br />
system point of view, as opposed to a single cryptomodule point of view.<br />
1. Pre-activation state: The key has been generated, but is not yet authorized for use. In<br />
this state the key may only be used to perform proof of possession or key confirmation<br />
(see Section 8.1.5.1.1.2 and Section 4.2.5.5). Other than for proof of possession (Section<br />
8.1.5.1.1.2) or key confirmation (Section 4.2.5.5) purposes, a key is not used to apply<br />
cryptographic protection to information (e.g., encrypt or sign information to be<br />
transmitted or stored) while in this state. Other than for proof of possession or key<br />
confirmation purposes, the key is not used to process cryptographically protected<br />
information (e.g., decrypt ciphertext or verify a digital signature) while in this state.<br />
2. Active state: The key may be used to cryptographically protect information or to<br />
cryptographically process previously protected information (e.g., decrypt ciphertext or<br />
verify a digital signature) or both. When a key is active, it may be designated to protect<br />
only, process only, or both protect and process. Private signature generation keys are<br />
implicitly designated as protect only; public signature verification keys are designated as<br />
process only. A symmetric data encryption key may be used for a predetermined period<br />
of time to both encrypt and decrypt information. When that period expires, the key may<br />
transition to process only (See Section 5.3.4.2) within the active state.<br />
3. Deactivated state: A key whose cryptoperiod has expired but is still needed to perform<br />
cryptographic processing is deactivated until it is destroyed. A deactivated key is not used<br />
to apply cryptographic protection to information, but in some cases it may be used to<br />
process cryptographically protected information. When a key in the deactivated state is<br />
no longer required for processing cryptographically protected information, the key is<br />
destroyed (see Section 8.3.4).<br />
4. Destroyed state: The key is destroyed as specified in Section 8.3.4. Even though the key<br />
no longer exists in this state, certain key attributes (e.g., key name, type, and<br />
cryptoperiod) may be retained (see Section 8.4).<br />
5. Compromised state: <strong>General</strong>ly, keys are compromised when they are released to or<br />
determined by an unauthorized entity. If the integrity or secrecy of the key is suspect, the<br />
compromised key is revoked (see Section 9.3.4). This state may be entered from all states<br />
except the destroyed and destroyed compromised states. A compromised key is not used<br />
to apply cryptographic protection to information. In some cases, a compromised key may<br />
be used to process cryptographically protected information, even though the<br />
confidentiality, integrity, non-repudiation or associations of the information may be<br />
suspect. For example, a signature may be validated if it can be shown that the signed data<br />
with its signature has been physically protected since a time before the compromise<br />
occurred. This processing is done only under very highly controlled conditions where the<br />
users of the information are fully aware of the possible consequences.<br />
85