This repository has been archived by the owner on Dec 29, 2022. It is now read-only.
KeyStatus
Shawn Willden edited this page Mar 7, 2015 · 1 revision
Each KeyVersion has one of the following status values:
- Primary: This key can verify or decrypt existing data and can sign or encrypt new data.
- Active: This key can only verify or decrypt existing data.
- Inactive: This key can only verify or decrypt existing data and may be revoked at any time.
A primary key can only be demoted to an active key. An active key can be promoted to primary or made inactive. A key that is inactive can be promoted to active or removed entirely (i.e. revoked).
A key set can have at most one primary key at any time. Thus promoting an active key to be the new primary key automatically demotes the old primary key (if one exists) to an active key. Demoting a primary key has no effect on the rest of the key set. It is permissible for a key set to not have a primary key at all (e.g. a legacy key set of just active keys).
KeyStatus values are represented as the strings "PRIMARY", "ACTIVE" or "INACTIVE", respectively.
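The transition rules above can be modelled as a small state machine. The following is an added example, not Keyczar's own code: the `KeySet` class and its method names are hypothetical, and a key set is assumed to be a plain mapping from version number to status string.

```python
# Added example: models the KeyStatus rules on this page; not Keyczar source.
PRIMARY, ACTIVE, INACTIVE = "PRIMARY", "ACTIVE", "INACTIVE"


class KeySet:
    """Hypothetical key set: maps version number -> status string."""

    def __init__(self, versions):
        if list(versions.values()).count(PRIMARY) > 1:
            raise ValueError("a key set can have at most one primary key")
        self.versions = dict(versions)

    def primary(self):
        """Return the primary version number, or None if there is none."""
        return next((v for v, s in self.versions.items() if s == PRIMARY), None)

    def promote(self, version):
        status = self.versions[version]
        if status == PRIMARY:
            raise ValueError("a primary key cannot be promoted")
        if status == INACTIVE:
            self.versions[version] = ACTIVE
            return
        # ACTIVE -> PRIMARY: the old primary, if any, is demoted automatically.
        old = self.primary()
        if old is not None:
            self.versions[old] = ACTIVE
        self.versions[version] = PRIMARY

    def demote(self, version):
        status = self.versions[version]
        if status == INACTIVE:
            raise ValueError("an inactive key can only be promoted or revoked")
        # PRIMARY -> ACTIVE leaves the rest of the set untouched,
        # so the set may end up with no primary key at all.
        self.versions[version] = ACTIVE if status == PRIMARY else INACTIVE

    def revoke(self, version):
        # Only inactive keys may be removed, so revoking a key that was
        # recently primary takes two explicit demotions first.
        if self.versions[version] != INACTIVE:
            raise ValueError("only an inactive key can be revoked")
        del self.versions[version]

    def can_sign_or_encrypt(self, version):
        """Only the primary key may be used on new data."""
        return self.versions.get(version) == PRIMARY
```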