1 hour 43 minutes
Welcome back, everyone. Let's proceed with learning about key rotation.
He rotation is part of encryption key management, where a new cryptographic key is generated to replace a previously generated key after a certain time or event, which is based on its key life cycle.
Each time a new key is generated,
it is marked as the primary version and in the active state,
the previous keys will be marked as retired.
AKI's life cycle is determined on a period during which a key is active or authorized for use.
It is commonly practiced by cloud companies for data protection to their end users. However, key rotation could be used on premise or on cloud.
The key should be able to withstand the tax during its life cycle, hence has strong encryption applied to it,
and key rotation can be regular or irregular. We'll discuss the differences later in the course.
He rotation is one of many security best practices as it restricts the number of times it is used in a specific key version.
The benefit of cube rotation is limiting the duration off time in which a key is actively used to encrypt data.
It is also recommended to limit the life cycle of a key by the National Institute of Standards and Technology for enhanced security.
It prepares your system to use a stronger encryption each time a new key is generated,
and it reduces risk in the event the key may be compromised because of its purpose of rotating keys after a certain time or event.
Now, let's discuss the key rotation methods, regular rotation and irregular rotation.
Regular rotation or time based rotation is when the key is rotated after a certain time period.
For our example, we will look at a period of three months. Starting from October.
Each generated active key will be used for encrypting data,
and the key from the previous month will be retired.
However, it is worth noting that even though the key has retired, it can still be available for only the recipient to still decrypt data.
For example, the retired key used for the month of October can still be used to decrypt data for that month only you may decide to destroy the key so that they will no longer be used for encryption or decryption.
Irregular rotation is when the key rotates based on an event that triggers that rotation, in example, could be if the key is determined to be compromised. Hence with such a trigger. If such events happen,
the key will retire
and generate a new key version, which would have a stronger encryption than its previous version.
After a new cryptographic key hasn't generated
what will happen to the retired key.
It can still be used for decrypting data.
All right, so to recap on key rotation, we discussed its features. How it contributes an encryption key management,
and we learned about regular and irregular key rotation.
Now let's head on over to our next topic remote access technologies.