KeyStatus

Shawn Willden edited this page Mar 7, 2015 · 1 revision

Key Status

Each KeyVersion has one of the following status values:

  • Primary: This key can verify or decrypt existing data and can sign or encrypt new data.
  • Active: This key can only verify or decrypt existing data.
  • Inactive: This key can only verify or decrypt existing data and may be revoked at any time.

A primary key can only be demoted to an active key. An active key can be promoted to primary or made inactive. A key that is inactive can be promoted to active or removed entirely (i.e. revoked).

A key set can have at most one primary key at any time. Thus promoting an active key to be the new primary key automatically demotes the old primary key (if one exists) to an active key. Demoting a primary key has no effect on the rest of the key set. It is permissible for a key set to not have a primary key at all (e.g. a legacy key set of just active keys).

JSON Representation

KeyStatus values are represented as the string "PRIMARY", "ACTIVE" or "INACTIVE", respectively.

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.