3.5.2 Store secret and private keys used to encrypt/decrypt cardholder data in one (or more) of the following forms at all times:
• Encrypted with a key-encrypting key that is at least as strong as the data-encrypting key, and that is stored separately from the data- encrypting key
• Within a secure cryptographic device (such as a host security module (HSM) or PTS-approved point-of-interaction device)
• As at least two full-length key components or key shares, in accordance with an industry- accepted method
Note: It is not required that public keys be stored in one of these forms.
3.5.2.a Examine documented procedures to verify that cryptographic keys used to encrypt/decrypt cardholder data must only exist in one (or more) of the following forms at all times.
• Encrypted with a key-encrypting key that is at least as strong as the data-encrypting key, and that is stored separately from the data-encrypting key
• Within a secure cryptographic device (such as a host security module (HSM) or PTS-approved point-of- interaction device)
• As key components or key shares, in accordance with an industry-accepted method
3.5.2.b Examine system configurations and key storage locations to verify that cryptographic keys used to encrypt/decrypt cardholder data exist in one (or more) of the following form at all times.
• Encrypted with a key-encrypting key
• Within a secure cryptographic device (such as a host security module (HSM) or PTS-approved point-of- interaction device)
• As key components or key shares, in accordance with an industry-accepted method
3.5.2.c Wherever key-encrypting keys are used, examine system configurations and key storage locations to verify:
• Key-encrypting keys are at least as strong as the data- encrypting keys they protect
• Key-encrypting keys are stored separately from data- encrypting keys.
Cryptographic keys must be stored securely to prevent unauthorized or unnecessary access that could result in the exposure of cardholder data.
It is not intended that the key-encrypting keys be encrypted, however they are to be protected against disclosure and misuse as defined in Requirement 3.5. If key-encrypting keys are used, storing the key-encrypting keys in physically and/or logically separate locations from the data- encrypting keys reduces the risk of unauthorized access to both keys.