What happens to credentials on key rotation?


#1

Hello everyone,
I have a question about the impact of key rotation on issued credentials. Assume a credential has been issued to Alice by X. As I understood the Indy-SDK Getting-Started Guide, the credentials are signed by the issuer using a private key which belongs to his public key on the ledger? If X decides some time in the future to rotate his keys, he will publish a new public key on the ledger? What impact is the rotation going to have on the already issued credentials? Could Alice still use her credential from X?

Thanks for your time and clarification


#2

Yes.

None, with the exception of the “compromise scenario” explained below.

Yes.

Compromise Scenario

The answers above assume normal key rotation and not key rotation forced because of a known compromise.

In the latter case, e.g., a private key being stolen, it is possible for unauthorized credentials to be issued using the compromised private key.

The solution is to revoke all credentials issued since the time of compromise and then reissue credentials to authorized subjects. If that time is not known with certainty, then revoke/reissue all credentials issued since the time of the last key rotation.

This explains why periodic key rotation is still recommended even with the other protections that Sovrin and DKMS (Decentralized Key Management System) provide.

For more details, see the DKMS Design and Architecture V3 document. Note that the DKMS team is working on adding advancements in the V4 version which should be out by the end of March 2019.
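A small Python model of the rotation and compromise procedure described in this answer, added here as an example (it is not code from the thread, from Indy or from Sovrin): every published key version stays visible, so credentials signed before a normal rotation still verify, and on a compromise everything issued since the compromise time is revoked and reissued, falling back to the last rotation when that time is unknown. The Issuer and Credential classes, the subjects and the timestamps are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Credential:
    subject: str
    issued_at: int        # constructed timestamp (seconds); real credentials carry more
    key_id: int           # issuer key version that signed this credential
    revoked: bool = False


@dataclass
class Issuer:
    """Hypothetical issuer (X in the thread). Every published key version stays
    visible, which is why a normal rotation does not break earlier credentials."""
    key_versions: List[int] = field(default_factory=lambda: [0])
    rotations: List[int] = field(default_factory=list)   # when each rotation happened
    issued: List[Credential] = field(default_factory=list)

    def rotate(self, at: int) -> int:
        self.key_versions.append(self.key_versions[-1] + 1)
        self.rotations.append(at)
        return self.key_versions[-1]

    def issue(self, subject: str, at: int) -> Credential:
        cred = Credential(subject, at, self.key_versions[-1])
        self.issued.append(cred)
        return cred

    def verify(self, cred: Credential) -> bool:
        # Still true after a normal rotation: the signing key version remains published.
        return cred.key_id in self.key_versions and not cred.revoked

    def handle_compromise(self, now: int,
                          compromised_at: Optional[int] = None
                          ) -> List[Tuple[Credential, Credential]]:
        """Rotate, then revoke and reissue everything issued since the compromise.
        If the compromise time is unknown, use the time of the last rotation."""
        if compromised_at is None:
            compromised_at = self.rotations[-1] if self.rotations else 0
        self.rotate(now)
        reissued = []
        for cred in list(self.issued):        # copy: issue() appends to self.issued
            if not cred.revoked and cred.issued_at >= compromised_at:
                cred.revoked = True
                reissued.append((cred, self.issue(cred.subject, now)))
        return reissued
```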