Data Encryption Key (DEK)
Definition - What does Data Encryption Key (DEK) mean?
Techopedia explains Data Encryption Key (DEK)
The time period for storing data prior to its retrieval may vary significantly, and some data may be kept for many years or even decades prior to accessing it. In order to ensure that the data is still available, DEKs may also have to be retained for very long periods. A key-management system provides life-cycle supervision for every DEK generated by an encryption engine. Key-management systems are usually offered by third-party vendors.
Regardless of the life-cycle length, there are four levels in a DEK life cycle:
- The key is created using the crypto module of the encryption engine.
- The key is then provided to a key vault and to various other encryption engines.
- This key is utilized for encrypting and decrypting data.
- The key is then suspended, terminated or destroyed.
A DEK may be customized to expire during a particular time frame in order to prevent data from being compromised. Under such circumstances, it should be used once more for decrypting the data and then the resulting clear text is encrypted with the help of a new key (re-keyed).