3.7 Client Key Management

Clients persist device key pairs indefinitely, until a DeviceRevoke or DeviceKeyRotate occurs. Device keys are never transmitted to any other device or to the server. They may occasionally be lost after disk corruption or an operating system reinstall. In that case, the user must go through the provisioning process again, as a new device would.

