With the exception of the initialization of the TPM and the HSM when SAKA is being installed, Key Custodians never have to be involved in the generation of cryptographic keys on the SAKA. All symmetric cryptographic keys are generated automatically based on the key duration policy and authorized requests for cryptographic services from applications.
Even when the key duration policy is changed—for example, from Daily to Weekly—the change goes into effect immediately and the next encryption request that comes into the appliance triggers the generation of a new symmetric key that conforms to the new key duration policy. However, any object encrypted with a specific key will always be decrypted with the correct key, regardless of what the key duration policy might have been at the time of encryption.
Copyright (c) 2001-2024 StrongAuth, Inc. (dba StrongKey) All Rights Reserved