When the data protection system reads the key ring from the backing repository, it attempts to locate a "default" key in the key ring. The default key is used for new Protect operations.

The general heuristic is that the data protection system chooses the key with the most recent activation date as the default key. (There's a small fudge factor to allow for server-to-server clock skew.) If that key is expired or revoked, and if the application has not disabled automatic key generation, then a new key is generated with immediate activation per the key expiration and rolling policy below.

The reason the data protection system generates a new key immediately rather than falling back to a different key is that new key generation should be treated as an implicit expiration of all keys that were activated prior to the new key. The general idea is that new keys may have been configured with different algorithms or encryption-at-rest mechanisms than old keys, and the system should prefer the current configuration over falling back.

If the application developer has disabled automatic key generation, then the data protection system must choose something as the default key.

The developer might be tempted to delete a key from the key ring (e.g., by deleting the corresponding file from the file system). Deleting a key is truly destructive behavior, and consequently the data protection system exposes no first-class API for performing this operation. Once a key has been deleted, all data protected by that key is permanently undecipherable, and there's no emergency override like there is with revoked keys.
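The following simulation, added here as an example and not code from the data protection system itself, walks through the default-key heuristic above (most recent activation, a clock-skew allowance, immediate generation when the chosen key is expired or revoked) and the revoke-versus-delete distinction from the last paragraph. The type and function names, the 5-minute skew allowance, the 90-day lifetime, and the rule applied when automatic generation is disabled (most recent non-revoked key, even if expired) are assumptions for this example and go beyond what the page states; the key ring it builds is constructed sample data.

```python
"""Simulation of default-key selection and of revoke-vs-delete semantics.

Added example, not the data protection system's own code. The names,
CLOCK_SKEW, DEFAULT_LIFETIME and the fallback rule are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from uuid import UUID, uuid4

CLOCK_SKEW = timedelta(minutes=5)      # assumed "fudge factor" for server clocks
DEFAULT_LIFETIME = timedelta(days=90)  # assumed lifetime of a generated key


@dataclass
class Key:
    key_id: UUID
    activation: datetime
    expiration: datetime
    revoked: bool = False

    def is_expired(self, now: datetime) -> bool:
        return now >= self.expiration

    def is_usable_for_protect(self, now: datetime) -> bool:
        return not self.revoked and not self.is_expired(now)


class KeyRingError(Exception):
    """No default key can be chosen."""


class KeyRevokedError(KeyRingError):
    """Key is in the ring but revoked; an explicit override may still read it."""


class KeyNotFoundError(KeyRingError):
    """Key was deleted from the ring; payloads under it are lost for good."""


def create_key(now: datetime, lifetime: timedelta = DEFAULT_LIFETIME) -> Key:
    return Key(uuid4(), activation=now, expiration=now + lifetime)


def resolve_default_key(ring: list[Key], now: datetime,
                        auto_generate: bool = True) -> tuple[Key, bool]:
    """Return (default key, whether this call generated it).

    Prefer the most recently activated key, counting keys whose activation
    lies at most CLOCK_SKEW in the future. If that key is expired or revoked
    and auto-generation is on, append a fresh key with immediate activation;
    its later activation date implicitly retires every older key for Protect.
    """
    activated = [k for k in ring if k.activation <= now + CLOCK_SKEW]
    preferred = max(activated, key=lambda k: k.activation, default=None)
    if preferred is not None and preferred.is_usable_for_protect(now):
        return preferred, False
    if auto_generate:
        fresh = create_key(now)
        ring.append(fresh)
        return fresh, True
    # Auto-generation disabled: the system "must choose something".
    # Assumed rule: most recent non-revoked key, even if already expired.
    usable = [k for k in activated if not k.revoked]
    if not usable:
        raise KeyRingError("key ring is empty or every key is revoked")
    return max(usable, key=lambda k: k.activation), False


def key_for_unprotect(ring: list[Key], key_id: UUID,
                      allow_revoked: bool = False) -> Key:
    """Find the key a payload was protected with.

    Revoked keys remain in the ring and can be read under an explicit
    override; a deleted key is simply gone, so the payload cannot be read.
    """
    for k in ring:
        if k.key_id == key_id:
            if k.revoked and not allow_revoked:
                raise KeyRevokedError(f"key {key_id} is revoked")
            return k
    raise KeyNotFoundError(f"key {key_id} is not in the ring; data is undecipherable")


def demo() -> dict[str, bool]:
    """Run the scenarios from the text on a constructed key ring."""
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    old = Key(uuid4(), now - timedelta(days=200), now - timedelta(days=110))
    current = Key(uuid4(), now - timedelta(days=30), now + timedelta(days=60))
    ring = [old, current]
    out: dict[str, bool] = {}

    out["newest_activation_wins"] = resolve_default_key(ring, now)[0] is current

    # Revoking the default triggers immediate generation, and the fresh key
    # then stays the default on later reads (older keys are implicitly retired).
    current.revoked = True
    fresh, generated = resolve_default_key(ring, now)
    out["generated_immediately"] = generated and fresh.activation == now and fresh in ring
    out["fresh_key_is_stable"] = resolve_default_key(ring, now)[0] is fresh

    # A key activating 2 minutes from now is inside the skew allowance.
    soon = Key(uuid4(), now + timedelta(minutes=2), now + timedelta(days=90))
    ring.append(soon)
    out["skew_allowance"] = resolve_default_key(ring, now)[0] is soon

    # Auto-generation disabled: falls back to the expired but non-revoked key.
    chosen, _ = resolve_default_key([old, current], now, auto_generate=False)
    out["fallback_expired_key"] = chosen is old and chosen.is_expired(now)
    try:
        resolve_default_key([current], now, auto_generate=False)
        out["all_revoked_errors"] = False
    except KeyRingError:
        out["all_revoked_errors"] = True

    # Revoked key: readable only with the override. Deleted key: never.
    out["revoked_override_works"] = key_for_unprotect(ring, current.key_id, allow_revoked=True) is current
    try:
        key_for_unprotect(ring, current.key_id)
        out["revoked_blocked_by_default"] = False
    except KeyRevokedError:
        out["revoked_blocked_by_default"] = True
    ring.remove(old)  # the destructive "delete the file" action
    try:
        key_for_unprotect(ring, old.key_id, allow_revoked=True)
        out["deleted_key_is_lost"] = False
    except KeyNotFoundError:
        out["deleted_key_is_lost"] = True
    return out
```

Calling `demo()` returns a dictionary whose every entry is `True`; the last two entries are the practical reason the text prefers revocation over deletion: a revoked key still sits in the ring for an override to reach, while a deleted one cannot be recovered by any code path.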