Key Lifecycle Management
The Dynamic Key Lifecycle Service revolutionizes how you control cryptographic keys within your enterprise. This flexible platform grants you seamless power over key generation, storage, distribution, and life cycle management.
Let us help you unlock a new level of security and efficiency in your key management practices.
This integration has the following features:
- Customizable key generation: Define precise rules dictating how keys are created. Determine their source (Randomly Generated, XOR Components, KTK Import, Password Protected), the required number of approvals, and key type (various symmetric and asymmetric key types and purposes are supported).
- Automated distribution: Streamline key delivery. Export options include:
  - None
  - Web hook: Leverage encrypted webhooks with Key Transport Keys (KTKs) for seamless transmission to designated systems.
  - Print components: Securely print the individual components of the key, such as key shares or fragments, on separate paper documents for distribution and secure physical storage.
  - Print key block: Print the entire key block, which includes the encrypted key and associated metadata, on a single paper document for offline backup and recovery purposes, suitable for secure physical storage.
- Comprehensive lifecycle management: Predetermine and automate the following key states:
  - Active: Set active usage periods (such as 1 year).
  - Archived: Move keys to secure storage for a defined period (such as 6 months) for potential reactivation. While archived, these keys can continue signing and verifying as needed, but they cannot be used to encrypt or decrypt.
  - Deactivated: Temporarily deactivate keys and either re-activate them in the future or destroy them.
  - Destroyed: Permanently revoke and destroy keys.
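The lifecycle states above can be modelled as a time-driven state machine that gates each cryptographic operation. The following Python is an added example, not the product's code or API: `ManagedKey`, `ALLOWED_OPS` and `MANUAL` are hypothetical names, the 365-day and 182-day defaults approximate the "1 year" and "6 months" figures, and only the archived rule (sign and verify allowed, encrypt and decrypt denied) comes from this page. The other permissions, the allowed manual moves, and the automatic move from archived to deactivated are assumptions.

```python
from datetime import timedelta
from enum import Enum

State = Enum("State", "ACTIVE ARCHIVED DEACTIVATED DESTROYED")

# ARCHIVED row is from the page (sign/verify only); other rows are assumptions.
ALLOWED_OPS = {
    State.ACTIVE: {"encrypt", "decrypt", "sign", "verify"},
    State.ARCHIVED: {"sign", "verify"},
    State.DEACTIVATED: set(),
    State.DESTROYED: set(),
}
# Operator-requested moves (assumed); DESTROYED is terminal.
MANUAL = {
    State.ACTIVE: {State.DEACTIVATED},
    State.ARCHIVED: {State.ACTIVE, State.DEACTIVATED},
    State.DEACTIVATED: {State.ACTIVE, State.DESTROYED},
    State.DESTROYED: set(),
}

class ManagedKey:
    def __init__(self, created, active_for=timedelta(days=365),
                 archived_for=timedelta(days=182)):  # ~1 year, ~6 months
        self.active_for, self.archived_for = active_for, archived_for
        self.state = State.ACTIVE
        self._schedule(created)

    def _schedule(self, start):
        self.archive_at = start + self.active_for
        self.deactivate_at = self.archive_at + self.archived_for

    def tick(self, now):
        """Apply the automated transitions that are due at `now`."""
        if self.state is State.ACTIVE and now >= self.archive_at:
            self.state = State.ARCHIVED
        if self.state is State.ARCHIVED and now >= self.deactivate_at:
            self.state = State.DEACTIVATED
        return self.state

    def transition(self, target, now):
        """Operator-requested change; rejects moves the lifecycle forbids."""
        if target not in MANUAL[self.tick(now)]:
            raise ValueError(f"{self.state.name} -> {target.name} not allowed")
        self.state = target
        if target is State.ACTIVE:
            self._schedule(now)  # reactivation starts a fresh active period

    def authorize(self, op, now):
        """Fail closed: unknown operations and inactive states are denied."""
        return op in ALLOWED_OPS[self.tick(now)]
```

Calling `authorize` before every key use means an expired key is downgraded at the moment of use, even if no scheduled job has run since its active period ended.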
Integrating with provides the following benefits:
- Enhanced security: Granular control over key life cycles lessens the risk of exposure, ensuring the integrity of your sensitive data.
- Streamlined compliance: Automated archival and deactivation align with industry regulations and streamline audit processes.
- Flexible integration: Seamlessly integrate the service into your existing infrastructure by using printed key blocks (or components) or webhooks to external systems.
- Reduced operational overhead: Automated processes minimize manual key management tasks, saving time and resources.
The following list defines some important Key Lifecycle Management terms:
- HSM (Hardware Security Module): A physical computing device that safeguards and manages digital keys for strong authentication and provides crypto processing.
- KEK (Key Encryption Key): A key used to encrypt other keys.
- KCV (Key Check Value): A checksum value that verifies the integrity of the key.
- Cryptogram: An encrypted key block with no padding.
- TR-31: A standard format for key blocks used in the financial industry. It is now referred to as ANSI X9.143.
- AKB (ANSI Key Block): A key block format used by Atalla HSMs.
- UUID (Universally Unique Identifier): A 128-bit number that identifies information uniquely.
Updated 04 Dec 2024