Key Deactivation

A deactivated key is one that is no longer needed for encryption. Keys are deactivated for the following reasons:

Keys are deactivated during the regeneration process.
The key has been compromised and is no longer secure. The concept of a compromised key is documented in the FIPS 140-2 standard as one of a number of possible key states. Marking a key as compromised provides a special indication that the key may have been exposed outside the intended security community.