Active State NIST Special Publication 800-63B

Key Management: General 78

7.2 Active State

The key may be used to cryptographically protect information (e.g., encrypt plaintext or generate a digital signature), to cryptographically process previously protected information (e.g., decrypt ciphertext or verify a digital signature), or both. When a key is active, it may be designated for protection only, processing only, or both protection and processing, depending on its type. For example, private signature keys and public key-transport keys are implicitly designated for only applying protection; public signature-verification keys and private key-transport keys are designated for processing only. A symmetric data-encryption key may be used to encrypt data during its originator-usage period and to decrypt the encrypted data during its recipient-usage period (see Section 5.3.5).

Transition 5: Several key types transition directly from the active state to the destroyed state if no compromise has been determined and either the key's cryptoperiod has been reached or the key has been replaced. Private signature keys and private authentication keys shall transition to the destroyed state at the end of their respective originator-usage periods (e.g., when the notAfter dates are reached on the last certificates issued for the corresponding public keys). Note that the corresponding public keys transition to the deactivated state at this time; see transition 8. A symmetric RBG key shall transition to the destroyed state when replaced by a new key or when the RBG will no longer be used. Symmetric master keys and symmetric authorization keys shall transition to the destroyed state at the end of their respective originator-usage periods [34]. Private ephemeral key-agreement keys shall transition to the destroyed state immediately after use (see [SP800-56A]). The corresponding public ephemeral key-agreement keys should transition to the destroyed state when the corresponding private keys are destroyed [35]. A private authorization key shall transition to the destroyed state at the end of its cryptoperiod (e.g., when the notAfter date is reached on the last certificate issued for the corresponding public key). A public authorization key should transition to the destroyed state when the corresponding private key is destroyed [36]. The date and time of the transition shall be recorded.

Transition 6: A key or key pair shall transition from the active state to the compromised state when the integrity of the key, or the confidentiality of a key requiring confidentiality protection, becomes suspect. In this case, the key or key pair shall be revoked. In the case of asymmetric key pairs, the compromise pertains explicitly to the private key of the key pair, but both keys shall transition to the compromised state at the same time. For example, when a private signature key or private key-transport key is either compromised or suspected of being compromised, the corresponding public key also needs to transition to the compromised state. The date and time of the transition shall be recorded. If the key is known by multiple entities, a revocation notice shall be generated.

Transition 7: A key or key pair shall transition from the active state to the suspended state if, for some reason, the key is not to be used for a period of time. For example, a key may be suspended because the entity associated with the key is on a leave of absence. In the case of asymmetric keys, both keys of the key pair shall transition to the suspended state at the same time. Symmetric RBG keys shall transition to the compromised state and be replaced, rather than suspended. The date, time and reason for the suspension shall be recorded. If the key or key pair is known by multiple entities, a notification indicating the suspension and reason shall be generated.

Transition 8: A key or key pair in the active state shall transition to the deactivated state when it is no longer to be used to apply cryptographic protection to data. The transition to the deactivated state may be because a symmetric key was replaced (see Section 8.2.3), because the end of the originator-usage period has been reached (see Sections 5.3.4 and 5.3.5), or because the key or key pair was revoked for reasons other than a compromise (e.g., the key's owner is no longer authorized to use the key). Symmetric authentication keys, symmetric data encryption/decryption keys, symmetric key-agreement keys and key-wrapping keys transition to the deactivated state at the end of the key's originator-usage period. Public signature-verification keys, public authentication keys, and private/public static key-agreement key pairs transition to the deactivated state at the end of the originator-usage period for the corresponding private key (e.g., when the notAfter date is reached on the last certificate issued for the public key). Public ephemeral key-agreement keys and public authorization keys transition to the deactivated state if they have not been destroyed when the corresponding private keys were destroyed (see transition 5). A private and public key-transport key pair transitions to the deactivated state when the notAfter date is reached on the last certificate issued for the public key. The date and time of the transition should be recorded.

[34] Recall that the recipient-usage periods of symmetric key-agreement keys and symmetric authorization keys are the same as their originator-usage periods (see Section 5.6).

[35] Recall that the cryptoperiods of the private and public authentication keys are the same (see Section 5.6).

[36] Recall that the cryptoperiods of the private and public authorization keys are the same (see Section 5.6).
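The rules for transitions 5 through 8 describe a small state machine with key-type-specific branches and mandatory audit records. The following added example (not part of the publication) models those rules for a key inventory: the key identifiers, key-type strings and the `holders` count are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum, auto

class State(Enum):
    ACTIVE = auto(); SUSPENDED = auto(); DEACTIVATED = auto()
    COMPROMISED = auto(); DESTROYED = auto()

@dataclass
class Key:
    kid: str            # constructed identifier for the example
    kind: str           # e.g. "private_signature", "symmetric_rbg" (assumed labels)
    holders: int = 1    # number of entities that know the key
    state: State = State.ACTIVE
    history: list = field(default_factory=list)  # (timestamp, from, to, reason)

def _move(key, new, reason, when=None):
    # Only active keys leave via transitions 5-8; every move is timestamped.
    if key.state is not State.ACTIVE:
        raise ValueError(f"{key.kid} is {key.state.name}, not active")
    when = when or datetime.now(timezone.utc)
    key.history.append((when.isoformat(), key.state.name, new.name, reason))
    key.state = new

def usage_period_ended(private, public, when=None):
    """Transitions 5 and 8: private key destroyed, its public key deactivated."""
    _move(private, State.DESTROYED, "end of originator-usage period", when)
    _move(public, State.DEACTIVATED, "corresponding private key destroyed", when)

def compromise(keys, when=None):
    """Transition 6: whole pair compromised and revoked; notice if widely known."""
    notices = []
    for k in keys:
        _move(k, State.COMPROMISED, "integrity/confidentiality suspect; revoked", when)
        if k.holders > 1:
            notices.append(f"REVOKE {k.kid}")
    return notices

def suspend(keys, reason, when=None):
    """Transition 7: pair suspended together; an RBG key is compromised/replaced."""
    notices = []
    for k in keys:
        if k.kind == "symmetric_rbg":
            _move(k, State.COMPROMISED, "RBG key replaced rather than suspended", when)
            notices.append(f"REPLACE {k.kid}")
        else:
            _move(k, State.SUSPENDED, reason, when)
            if k.holders > 1:
                notices.append(f"SUSPEND {k.kid}: {reason}")
    return notices
```

Each record in `history` is the dated audit entry the section requires, and the returned notices are the revocation or suspension notifications owed to other holders of the key.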

7.3 Suspended State