Key and certificate states

Cryptographic objects, in their lifetime, transition through several states that are a function of how long the keys or certificates are in existence and whether data is protected. Other factors also affect the state of a cryptographic object, such as whether the key or certificate is compromised.

IBM Security Guardium Key Lifecycle Manager maintains these cryptographic object states.

Figure 1. Cryptographic object states

The state of a key or certificate defines the allowed usage:

pending
A certificate request entry is pending the return of a certificate that is approved and certified by a certificate authority.
pre-active
Object exists but is not yet usable for any cryptographic purpose, such as migrated certificates with a future use time stamp.
active
Object is in operational use for protecting and processing data; this use might be bounded by the Process Start Date and Protect Stop Date attributes. Protecting includes encryption and signature issue; processing includes decryption and signature verification.
compromised
The security of the object is suspect for some reason. A compromised object never returns to an uncompromised state, and cannot be used to protect data. Use the object only to process cryptographically protected information in a client that is trusted to handle compromised cryptographic objects.

IBM Security Guardium Key Lifecycle Manager retains the state that the object was in immediately before it was compromised. The compromised object might continue to be used to process data that it previously protected.

deactivated
Object is not to be used to apply cryptographic protection such as encryption or signing. However, if extraordinary circumstances occur, the object can be used with special permission to process cryptographically protected information. For example, processing includes decryption or verification.
destroyed
Object is no longer usable for any purpose. This status causes the object to be removed from the product.
destroyed-compromised
Object is no longer usable for any purpose. This status causes the object to be removed from the product.

An object that is no longer active might change states from:

  • Deactivated to destroyed.
  • Deactivated to compromised.
  • Compromised to destroyed-compromised.
  • Destroyed to destroyed-compromised.
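The state machine described on this page, as an added illustration that is not part of the product or its documentation: it encodes the listed transitions for objects that are no longer active, the per-state usage rules (protect only when active; process when compromised only for a trusted client, when deactivated only with special permission), and retention of the state that preceded a compromise. The two transitions out of active (to deactivated and to compromised) are an assumption taken from the general KMIP state model, not from this page.

```python
from enum import Enum


class State(Enum):
    PENDING = "pending"
    PRE_ACTIVE = "pre-active"
    ACTIVE = "active"
    COMPROMISED = "compromised"
    DEACTIVATED = "deactivated"
    DESTROYED = "destroyed"
    DESTROYED_COMPROMISED = "destroyed-compromised"


# Transitions exactly as listed on the page for objects that are no longer active,
# plus the two exits from ACTIVE, which are an assumption from the KMIP model.
ALLOWED_TRANSITIONS = {
    State.ACTIVE: {State.DEACTIVATED, State.COMPROMISED},          # assumed
    State.DEACTIVATED: {State.DESTROYED, State.COMPROMISED},
    State.COMPROMISED: {State.DESTROYED_COMPROMISED},
    State.DESTROYED: {State.DESTROYED_COMPROMISED},
}


class CryptoObject:
    """Lifecycle state of one key or certificate (constructed example)."""

    def __init__(self, name, state):
        self.name = name
        self.state = state
        self.state_before_compromise = None  # retained, as the page describes

    def can_transition(self, new_state):
        return new_state in ALLOWED_TRANSITIONS.get(self.state, set())

    def transition(self, new_state):
        if not self.can_transition(new_state):
            raise ValueError(f"{self.name}: {self.state.value} -> {new_state.value} not allowed")
        if new_state is State.COMPROMISED:
            self.state_before_compromise = self.state  # never returns to uncompromised
        self.state = new_state
        return self.state

    def can_protect(self):
        """Encrypt or sign: only an active object may apply protection."""
        return self.state is State.ACTIVE

    def can_process(self, trusted_client=False, special_permission=False):
        """Decrypt or verify, under the per-state conditions given on the page."""
        if self.state is State.ACTIVE:
            return True
        if self.state is State.COMPROMISED:
            return trusted_client
        if self.state is State.DEACTIVATED:
            return special_permission
        return False  # pending, pre-active, destroyed, destroyed-compromised
```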