This comprehensive explanation has been generated from 18 GitHub source documents.
Last updated: October 7, 2025
Note: In rare cases it may contain LLM hallucinations.
For authoritative documentation, please consult the official GLEIF vLEI trainings and the ToIP Glossary.
A stale key is a cryptographic key (either a signing key or pre-rotated key) that has become outdated or expired within the KERI key management lifecycle. Once a key becomes stale through the rotation process, it loses its authoritative status and should no longer be used for cryptographic operations such as signing new key events or securing data.
In KERI's architecture, keys become stale when a subsequent establishment event (specifically a rotation event) successfully rotates the key state, replacing the current signing keys and pre-rotated keys with new key sets. This rotation mechanism is fundamental to KERI's security model and enables forward security properties.
Within KERI's key management infrastructure, the concept of stale keys is critical for maintaining security through proper key rotation practices. The KEL (Key Event Log) provides a verifiable history of all key state changes, making it possible to determine precisely when a key became stale by examining the sequence of establishment events.
When a controller performs a rotation, the previous signing keys immediately become stale, while the pre-rotated keys that were committed to in the prior establishment event become the new current keys. This mechanism provides security by ensuring that even if the current keys are compromised, an attacker cannot forge a valid rotation event without access to the pre-rotated keys.
Implementations must maintain clear tracking of which keys are current versus stale at each point in the KEL. This requires:
When validating events, implementations must:
When implementing rotation operations:
Stale keys should be:
The concept of stale keys is directly related to dead attacks in KERI security analysis. A dead attack targets an establishment event after its key state has become stale due to a later rotation. Because the cryptographic authority has moved to new key sets, attacks on events using stale keys are inherently limited in effectiveness: they cannot be used to create valid new events in the current key state.
Similarly, a stale event is a key event involving expired encryption keys that may compromise security if not properly identified and rejected by validators. The KERI protocol's duplicity detection mechanisms help identify attempts to use stale keys to create fraudulent events.
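To make the key-state bookkeeping described above concrete, the following is an added example in Go; it is not code from the vLEI wiki, from GLEIF, or from the KERI reference implementation. It models a toy KEL with single-key inception and rotation events using Ed25519 and SHA-256 from the Go standard library. The event encoding, the single-key sets, and the function names (Incept, RotationEvent, ApplyRotation, IsStale, VerifySigned) are simplifications chosen for this illustration; real KERI events use CESR encoding, signing thresholds, and multi-key sets. The example shows the pre-rotation commitment check that prevents a holder of only a current or stale signing key from authoring a valid rotation (the reason dead attacks on stale events are limited), and a validator rejecting non-establishment data, such as a credential issuance, that was signed with a stale key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// NewKey generates an Ed25519 private key. A real controller keeps the
// pre-rotated private key offline until the rotation that reveals it.
func NewKey() ed25519.PrivateKey {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return priv
}

// Pub and Sign are small wrappers so callers never handle raw key bytes.
func Pub(priv ed25519.PrivateKey) ed25519.PublicKey { return priv.Public().(ed25519.PublicKey) }
func Sign(priv ed25519.PrivateKey, msg []byte) []byte { return ed25519.Sign(priv, msg) }
func digest(b []byte) []byte                          { h := sha256.Sum256(b); return h[:] }

// Event is a simplified establishment event (toy encoding, not KERI's CESR format).
type Event struct {
	Seq   int
	Key   ed25519.PublicKey // signing key this event makes current
	Next  []byte            // digest committing to the pre-rotated key
	Prior []byte            // digest of the previous event (empty for inception)
	Sig   []byte            // signature by Key over body()
}

// body is the deterministic serialization that is signed and digested.
func (e *Event) body() []byte {
	return []byte(fmt.Sprintf("%d|%x|%x|%x", e.Seq, e.Key, e.Next, e.Prior))
}

// KEL is the key event log together with the key state derived from it.
type KEL struct {
	Events  []Event
	Current ed25519.PublicKey // authoritative signing key
	Next    []byte            // commitment to the pre-rotated key
	Stale   map[string]bool   // keys that lost authority through rotation
}

// Incept starts a KEL with cur's public key current and a commitment to next.
func Incept(cur, next ed25519.PrivateKey) *KEL {
	ev := Event{Seq: 0, Key: Pub(cur), Next: digest(Pub(next))}
	ev.Sig = Sign(cur, ev.body())
	return &KEL{Events: []Event{ev}, Current: ev.Key, Next: ev.Next, Stale: map[string]bool{}}
}

// RotationEvent builds (without applying) a rotation that reveals newKey and
// commits to newNext; as in KERI, it is signed by the newly revealed key.
func (k *KEL) RotationEvent(newKey, newNext ed25519.PrivateKey) Event {
	last := k.Events[len(k.Events)-1]
	ev := Event{Seq: last.Seq + 1, Key: Pub(newKey), Next: digest(Pub(newNext)), Prior: digest(last.body())}
	ev.Sig = Sign(newKey, ev.body())
	return ev
}

// ApplyRotation validates a rotation against the current key state; on success
// the previously current key becomes stale and the revealed key takes over.
func (k *KEL) ApplyRotation(ev Event) error {
	last := k.Events[len(k.Events)-1]
	switch {
	case ev.Seq != last.Seq+1:
		return errors.New("sequence number out of order (replay or gap)")
	case !bytes.Equal(ev.Prior, digest(last.body())):
		return errors.New("prior digest does not chain to the KEL")
	case !bytes.Equal(digest(ev.Key), k.Next):
		// Pre-rotation check: a current or stale signing key alone cannot
		// satisfy this; only the key committed to in the prior event can.
		return errors.New("revealed key does not match pre-rotation commitment")
	case !ed25519.Verify(ev.Key, ev.body(), ev.Sig):
		return errors.New("rotation not signed by the revealed key")
	}
	k.Stale[string(k.Current)] = true
	k.Current, k.Next = ev.Key, ev.Next
	k.Events = append(k.Events, ev)
	return nil
}

// IsStale reports whether pub has lost authority through a rotation.
func (k *KEL) IsStale(pub ed25519.PublicKey) bool { return k.Stale[string(pub)] }

// VerifySigned checks non-establishment data (e.g. a credential issuance)
// against the current key state: the signer must be the current key, never a stale one.
func (k *KEL) VerifySigned(msg, sig []byte, signer ed25519.PublicKey) error {
	switch {
	case k.IsStale(signer):
		return errors.New("signed with a stale key")
	case !bytes.Equal(signer, k.Current):
		return errors.New("signer is not the current key")
	case !ed25519.Verify(signer, msg, sig):
		return errors.New("bad signature")
	}
	return nil
}
```

A typical run incepts with k0 while committing to k1, accepts data signed by k0, applies a rotation that reveals k1 and commits to k2, and from then on rejects anything signed by k0 as stale. A rotation that reveals a key nobody committed to fails the pre-rotation check even when it is well-formed and correctly signed, and re-applying an already-applied rotation fails the sequence check. The validator here checks signatures against the key state as it stands at verification time; a production validator would instead locate the establishment event that was current at the time the data was signed, which the TEL anchoring described below makes possible.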
Stale keys represent a critical security boundary in KERI:
In the ACDC credential ecosystem, stale keys affect credential issuance and verification. Credentials issued by an AID must be signed with current keys at the time of issuance. If a credential is signed with stale keys, it indicates either:
The TEL (Transaction Event Log) anchors credential state changes to the KEL, ensuring that credential operations are tied to the current key state and cannot be performed with stale keys.