What happens when a key expires ?

Answers were Sorted based on User's Feedback



What happens when a key expires ?..

Answer / dalgin augustinr

Its possible to renew the key. For that agsin we have to
contact the CA which provide the key pair

Is This Answer Correct ?    2 Yes 0 No

What happens when a key expires ?..

Answer / ramkumar

In order to guard against a long-term cryptanalytic attack,
every key must have an expiration date after which it is no
longer valid (see Question 4.1.2.3). The time to expiration
must therefore be much shorter than the expected time for
cryptanalysis. That is, the key length must be long enough
to make the chances of cryptanalysis before key expiration
extremely small. The validity period for a key pair may
also depend on the circumstances in which the key is used.
The appropriate key size is determined by the validity
period, together with the value of the information
protected by the key and the estimated strength of an
expected attacker. In a certificate (see Question
4.1.3.10), the expiration date of a key is typically the
same as the expiration date of the certificate, though it
need not be.

A signature verification program should check for
expiration and should not accept a message signed with an
expired key. This means that when one's own key expires,
everything signed with it will no longer be considered
valid. Of course, there will be cases in which it is
important that a signed document be considered valid for a
much longer period of time. Question 7.11 discusses digital
timestamping as a way to achieve this.

After expiration, the old key should be destroyed to
preserve the security of old messages (note, however, that
an expired key may need to be retained for some period in
order to decrypt messages that are still outstanding but
encrypted before the key's expiration). At this point, the
user should typically choose a new key, which should be
longer than the old key to reflect both the performance
increase of computer hardware and any recent improvements
in factoring algorithms (see Question 4.1.2.1 for recent
key length recommendations).

However, if a key is sufficiently long and has not been
compromised, the user can continue to use the same key. In
this case, the certifying authority would issue a new
certificate for the same key, and all new signatures would
point to the new certificate instead of the old. However,
the fact that computer hardware continues to improve makes
it prudent to replace expired keys with newer, longer keys
every few years. Key replacement enables one to take
advantage of any hardware improvements to increase the
security of the cryptosystem. Faster hardware has the
effect of increasing security, perhaps vastly, but only if
key lengths are increased regularly (see Question 2.3.5).

Is This Answer Correct ?    1 Yes 0 No

Post New Answer

More Encryption Decryption Interview Questions

What happens if my key is lost ?

1 Answers  


How does one find random numbers for keys ?

1 Answers   TCS,


What is key management ?

0 Answers   Wipro,


Do encrypted files contain password in some form?

0 Answers  


Do digital signatures help detect altered documents and transmission errors?

0 Answers  






What is private key cryptography and how we compare it with public key cryptography?

0 Answers  


What is a zed encoder? How does it work?

0 Answers  


What is the mceliece cryptosystem?

0 Answers  


How Can I Find the XP Lost Password?

4 Answers  


Can the computer which has been used for encryption be traced?

4 Answers   Amazon, NetApp,


What is the elgamal cryptosystem?

0 Answers  


What is are "proprietary" and "public" cryptographic algorithms?

0 Answers  


Categories
  • Cryptography Algorithms Interview Questions Cryptography Algorithms (52)
  • Digital Certificates Interview Questions Digital Certificates (23)
  • Encryption Decryption Interview Questions Encryption Decryption (77)
  • Ciphers Interview Questions Ciphers (43)
  • Cryptography Protocols Interview Questions Cryptography Protocols (31)
  • Blockchain Interview Questions Blockchain (338)
  • Cryptography General Interview Questions Cryptography General (154)
  • Cryptography AllOther Interview Questions Cryptography AllOther (0)