Key and certificate states

Cryptographic objects, in their lifetime, transition through several states that are a function of how long the keys or certificates are in existence and whether data is protected. Other factors also affect the state of a cryptographic object, such as whether the key or certificate is compromised.

IBM® Security Guardium® Key Lifecycle Manager maintains these cryptographic object states.

Figure 1. Cryptographic object states
Cryptographic object states

The state of a key or certificate defines the allowed usage:

A certificate request entry is pending the return of a certificate that is approved and certified by a certificate authority.
Object exists but is not yet usable for any cryptographic purpose, such as migrated certificates with a future use time stamp.
Object is in operational use for protecting and processing data that might use Process Start Date and Protect Stop Date attributes. For example, protecting includes encryption and signature issue. Processing includes decryption and signature verification.
The security of the object is suspect for some reason. A compromised object never returns to an uncompromised state, and cannot be used to protect data. Use the object only to process cryptographically protected information in a client that is trusted to handle compromised cryptographic objects.

IBM Security Guardium Key Lifecycle Manager retains the state of the object immediately before it was compromised. To process data that was previously protected, the compromised object might continue to be used.

Object is not to be used to apply cryptographic protection such as encryption or signing. However, if extraordinary circumstances occur, the object can be used with special permission to process cryptographically protected information. For example, processing includes decryption or verification.
Object is no longer usable for any purpose. This status causes the object to be removed from the product.
Object is no longer usable for any purpose. This status causes the object to be removed from the product.

An object that is no longer active might change states from:

  • Deactivated to destroyed.
  • Deactivated to compromised.
  • Compromised to destroyed-compromised.
  • Destroyed to destroyed-compromised.