The algorithm or key length may be used only to process already protected information (e.g., to decrypt ciphertext data or to verify a digital signature).
Sources:
NIST SP 800-131A Rev.2