Key Management Key (Optional)

This key may be generated on the PIV Card or imported to the card. If present, the key management key must only be accessible using the contact interface of the PIV Card. Private key operations may be performed using an activated PIV Card without explicit user action (e.g., the PIN need not be supplied for each operation). This key is sometimes called an encryption key or an encipherment key.

The PIV Card shall import and store a corresponding X.509 certificate to support validation of the key management key.