There are cases where an operation can't handle the latency of calling to the TSP during the operation. Or for cases where the dek should be re-used 10s or 100s of times in a row. In these cases we should support a time limited decryptor and encryptor. This would allow these operations to take place in a time sensitive way.
On close the decryptor and encryptor should report their usage back to the TSP. The DEK should be zerod out and there should be a time limit on the amount of time the DEK can be cached for.
There are cases where an operation can't handle the latency of calling to the TSP during the operation. Or for cases where the dek should be re-used 10s or 100s of times in a row. In these cases we should support a time limited decryptor and encryptor. This would allow these operations to take place in a time sensitive way.
On close the decryptor and encryptor should report their usage back to the TSP. The DEK should be zerod out and there should be a time limit on the amount of time the DEK can be cached for.