If the disk encryption key has been compromised or has reached the end of its key life cycle (according to the local security policy), it may be marked as DEPRECATED and another key is created to replace it. DEPRECATED keys cannot be used in the ENCRYPT or RC commands, but the packs which are using those keys are fully functional.

Disk encryption keys can also be marked as EXPIRED. If this occurs, a warning entry is shown when the pack comes online. You can reverse a DEPRECATED or EXPIRED key by using ODT commands. If a new key is to be used to replace a DEPRECATED or EXPIRED key, it follows the same process for key creation and assignment (through the ENCRYPT or RC ODT command).