Encryption Key Management Primer – Requirement 3.6 « PCI Guru.
Insightful article on PCI DSS requirement 3.6 – encryption key management, which is very complex when done manually. If you doubt it, read this article.
The PCIGuru also points out that “… for users of PGP or hardware security module (HSM), you will have no problem complying with the sub-requirements of 3.6.”