Suspended State NIST Special Publication 800-63B

Key Management: General 80

7.3 Suspended State

The use of a key or key pair may be suspended for several possible reasons; in the case of asymmetric key pairs, both the public and private keys shall be suspended at the same time. One reason for a suspension might be a possible key compromise, where the suspension has been issued to allow time to investigate the situation. Another reason might be that the entity that owns a digital signature key pair is not available (e.g., is on an extended leave of absence); signatures purportedly generated during the suspension time would be invalid. A suspended key or key pair may be restored to an active state at a later time, may be deactivated or destroyed, or may transition to the compromised state.

A suspended key shall not be used to apply cryptographic protection (e.g., encrypt plaintext or generate a digital signature). However, a suspended key could be used to process information that was protected prior to the suspension (e.g., decrypt ciphertext or verify a digital signature), but the recipient must accept the risk in doing so (e.g., the recipient must understand the reason and implications of the suspension). For example, if the reason for the suspension is a suspected compromise, it may not be prudent to verify signatures using the public key unless the key pair is subsequently reactivated. Information for which protection is known to have been applied during the suspension period shall not be processed until the key leaves the suspended state, at which time its processing depends on the new state.

Transition 9: Several key types transition from the suspended state to the destroyed state if no compromise has been determined. Private signature keys and private authentication keys in the suspended state shall transition to the destroyed state at the end of their originator-usage periods (e.g., when the notAfter dates are reached on the last certificate issued for the corresponding public keys). Note that the corresponding public keys transition to the deactivated state at this time (see transition 12). Symmetric master keys and symmetric authorization keys in the suspended state shall transition to the destroyed state at the end of their originator-usage periods [37]. Private authorization keys in the suspended state shall transition to the destroyed state at the end of their originator-usage periods (i.e., when the notAfter dates are reached on the last certificate issued for the corresponding public keys). Public authorization keys should transition to the destroyed state when the corresponding private keys are destroyed [38]. The date and time of the transition shall be recorded.

Transition 10: A key or key pair in the suspended state shall transition to the active state when the reason for the suspension no longer exists and the end of the originator-usage period has not been reached. In the case of symmetric keys, the transition needs to be made before the end of the key's originator-usage period. For asymmetric keys, the transition needs to be made, for example, before the notAfter date on the last certificate issued for the public key. In this case, both the private and public key shall transition at the same time. The date and time of the transition should be recorded.

Transition 11: A key or key pair in the suspended state shall transition to the compromised state when a compromise of the integrity of the key, or of the confidentiality of a key requiring confidentiality protection, is suspected or confirmed. In this case, the key or key pair shall be revoked. In the case of asymmetric key pairs, both the public and private keys shall transition at the same time. The date and time of the transition shall be recorded. If the key is known by multiple entities, a revocation notice shall be generated.

Transition 12: Several key types transition from the suspended state to the deactivated state if no compromise has been determined and the suspension is no longer required. Symmetric authentication keys, symmetric data encryption/decryption keys, and symmetric key-wrapping keys shall transition to the deactivated state when the ends of their originator-usage periods have been reached. Public signature-verification keys, public authentication keys, and private/public static key-agreement key pairs [39] transition to the deactivated state at the end of the private key's originator-usage period (e.g., when the notAfter date is reached on the last certificate issued for the public key). Public ephemeral key-agreement keys and public authorization keys transition to the deactivated state if they have not been destroyed when the corresponding private keys were destroyed (see transition 9). A private/public key-transport key pair transitions to the deactivated state at the end of the key pair's cryptoperiod (e.g., when the notAfter date is reached on the last certificate issued for the public key). The date and time of the transition should be recorded.

[37] Recall that the recipient-usage periods of symmetric key-agreement keys and symmetric authorization keys are the same as their originator-usage periods (see Section 5.3.6).
[38] Recall that the cryptoperiods of the private and public authorization keys are the same (see Section 5.6).
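The rules above describe a small state machine: a suspended key refuses to apply protection, may process previously protected information only with the recipient's explicit acceptance of the risk, and leaves the suspended state through transitions 9 to 12 depending on whether a compromise was confirmed, whether the originator-usage period has ended, and the key type. The following Python model is an added example written for this page; it is not code from NIST or from any key-management product. It assumes a small subset of the key types named in this section, it represents each key's originator-usage period by a single `originator_usage_end` timestamp (for a public key, the end of the corresponding private key's period), and the class names, `KeyState`/`KeyType` enums, the `at()` helper and all timestamps are constructed for the illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional


class KeyState(Enum):
    ACTIVE = "active"
    SUSPENDED = "suspended"
    DEACTIVATED = "deactivated"
    COMPROMISED = "compromised"
    DESTROYED = "destroyed"


class KeyType(Enum):  # a subset of the key types named in Section 7.3
    PRIVATE_SIGNATURE = "private signature key"
    PUBLIC_SIGNATURE_VERIFICATION = "public signature verification key"
    SYMMETRIC_MASTER = "symmetric master key"
    SYMMETRIC_DATA_ENCRYPTION = "symmetric data encryption/decryption key"


# Transition 9 (destroyed) applies to these types when the originator-usage
# period ends; the other types above follow transition 12 (deactivated).
DESTROY_AT_END = {KeyType.PRIVATE_SIGNATURE, KeyType.SYMMETRIC_MASTER}

# Constructed reference time for the examples; not a value from the standard.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)


def at(days: int) -> datetime:
    """Constructed helper: the timestamp `days` after T0."""
    return T0 + timedelta(days=days)


@dataclass
class ManagedKey:
    key_id: str
    key_type: KeyType
    originator_usage_end: datetime  # e.g. notAfter of the last certificate issued
    known_to_multiple_entities: bool = False
    state: KeyState = KeyState.ACTIVE
    suspension_reason: Optional[str] = None
    suspended_at: Optional[datetime] = None
    audit_log: list = field(default_factory=list)  # (timestamp, event) records
    revocation_notices: list = field(default_factory=list)

    def _record(self, event: str, now: datetime) -> None:
        # The date and time of every transition is recorded, as the section requires.
        self.audit_log.append((now.isoformat(), event))

    def suspend(self, reason: str, now: datetime) -> None:
        if self.state is not KeyState.ACTIVE:
            raise ValueError(f"{self.key_id}: only an active key can be suspended")
        self.state, self.suspension_reason, self.suspended_at = KeyState.SUSPENDED, reason, now
        self._record(f"suspended: {reason}", now)

    def apply_protection(self) -> bool:
        """Sign or encrypt: forbidden in every state except ACTIVE."""
        if self.state is not KeyState.ACTIVE:
            raise PermissionError(f"{self.key_id} is {self.state.value}: cannot apply protection")
        return True

    def process_protected(self, protected_at: datetime, accept_risk: bool = False) -> bool:
        """Verify or decrypt: while suspended, only for data protected before the
        suspension, and only with the recipient's explicit acceptance of the risk."""
        if self.state is KeyState.ACTIVE:
            return True
        if self.state is not KeyState.SUSPENDED:
            raise PermissionError(f"{self.key_id} is {self.state.value}: cannot process")
        if protected_at >= self.suspended_at:
            raise PermissionError("protected during suspension: defer until a new state is reached")
        if not accept_risk:
            raise PermissionError(f"recipient must accept the risk (reason: {self.suspension_reason})")
        return True

    def resolve_suspension(self, now: datetime, compromise_confirmed: bool = False) -> KeyState:
        """Leave the suspended state via transition 9, 10, 11 or 12 and record it."""
        if self.state is not KeyState.SUSPENDED:
            raise ValueError(f"{self.key_id} is not suspended")
        if compromise_confirmed:  # transition 11: revoke; notify if others hold the key
            self.state = KeyState.COMPROMISED
            if self.known_to_multiple_entities:
                self.revocation_notices.append((now.isoformat(), self.key_id))
        elif now < self.originator_usage_end:  # transition 10: reason gone, period not over
            self.state, self.suspension_reason = KeyState.ACTIVE, None
        elif self.key_type in DESTROY_AT_END:  # transition 9
            self.state = KeyState.DESTROYED
        else:  # transition 12
            self.state = KeyState.DEACTIVATED
        self._record(f"left suspended state: now {self.state.value}", now)
        return self.state


if __name__ == "__main__":
    sig = ManagedKey("sig-1", KeyType.PRIVATE_SIGNATURE, originator_usage_end=at(365))
    sig.suspend("owner on extended leave", at(10))
    print(sig.process_protected(protected_at=at(5), accept_risk=True))  # signed before suspension
    print(sig.resolve_suspension(at(20)))  # reason gone, period not over: transition 10
```

The ordering in `resolve_suspension` matters: a confirmed compromise is checked first because transition 11 applies regardless of the usage period, and only when no compromise is found does the model distinguish reactivation (transition 10) from end-of-period destruction or deactivation (transitions 9 and 12). A real key-management service would also need to make the two halves of an asymmetric pair change state in one operation, which this single-key model leaves to the caller.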

7.4 Deactivated State