Private key states

Use this topic to understand the various transition states of a private key.

A private key transitions through several states from the time that it is generated until the time it is destroyed. The following list includes an explanation of each state.
  • Pre-activation state:
    • This state applies to a key that has been generated but has not been authorized for use. This occurs when a CSR and private key are generated but the corresponding signed certificate has not been imported. In this state the key is not used to encrypt or sign information.
  • Active state:
    • This state occurs after a key is generated and the corresponding certificate is installed. In this state the key can be used to encrypt and sign information. All keys that have been used at least once and have not been destroyed are in an active state. This applies to the majority of keys in the server.
  • Deactivated state:
    • This state applies to a key whose crypto-period has expired but that has not been destroyed. The key remains in the deactivated state until it is destroyed. The deactivated but not destroyed state does not apply to any keys on System x management devices and the CMM.
  • Destroyed state:
    • This state applies to all keys that are no longer in use.
  • Compromised/Destroyed compromised state:
    • A private key is in a compromised state when it is known by an unauthorized person. If a private key is thought to be compromised, it should be revoked by the certificate authority that issued the certificate associated with the key.
    • A key that is active (based on the description for the active state) but revoked by the certificate authority is considered to be in a compromised state.
    • A key that is destroyed and also revoked by the certificate authority is considered to be in a destroyed compromised state.
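
The state definitions above can be applied as an audit check over a key inventory. The following is an added example, not code from the product or its documentation. The `KeyRecord` fields, the sample inventory, and the rule that a revoked key whose crypto-period has also expired counts as compromised are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from enum import Enum
from typing import Optional

class KeyState(Enum):
    PRE_ACTIVATION = "pre-activation"
    ACTIVE = "active"
    DEACTIVATED = "deactivated"
    DESTROYED = "destroyed"
    COMPROMISED = "compromised"
    DESTROYED_COMPROMISED = "destroyed compromised"

@dataclass
class KeyRecord:  # hypothetical inventory record, not a product data structure
    name: str
    cert_installed: bool               # signed certificate imported for this key
    crypto_period_end: Optional[date]  # None while no certificate is installed
    destroyed: bool
    revoked_by_ca: bool

def classify(key: KeyRecord, today: date) -> KeyState:
    # Revocation by the CA is checked first: a revoked key is compromised
    # whether or not it has been destroyed (assumption: also when expired).
    if key.revoked_by_ca:
        return KeyState.DESTROYED_COMPROMISED if key.destroyed else KeyState.COMPROMISED
    if key.destroyed:
        return KeyState.DESTROYED
    if not key.cert_installed:
        return KeyState.PRE_ACTIVATION  # CSR generated, certificate not imported
    if key.crypto_period_end is not None and today > key.crypto_period_end:
        return KeyState.DEACTIVATED     # expired but not yet destroyed
    return KeyState.ACTIVE

def needs_attention(keys, today):
    """Names of keys an audit should flag: compromised, or expired and not destroyed."""
    flagged = {KeyState.COMPROMISED, KeyState.DEACTIVATED}
    return [k.name for k in keys if classify(k, today) in flagged]

# Constructed sample inventory (all names and dates are made up).
SAMPLE = [
    KeyRecord("csr-pending", False, None, False, False),
    KeyRecord("web-tls", True, date(2025, 1, 1), False, False),
    KeyRecord("old-tls", True, date(2023, 1, 1), False, False),
    KeyRecord("leaked", True, date(2025, 1, 1), False, True),
    KeyRecord("retired", True, date(2022, 1, 1), True, False),
    KeyRecord("retired-leaked", True, date(2022, 1, 1), True, True),
]

if __name__ == "__main__":
    for k in SAMPLE:
        print(f"{k.name:15} {classify(k, date(2024, 6, 1)).value}")
```
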