Drm: Recovering Encrypted Data; List Requests - Red Hat CERTIFICATE SYSTEM 7.2 - AGENT GUIDE Manual

Chapter 6. DRM: Recovering Encrypted
Data
This chapter describes how authorized Data Recovery Manager (DRM) agents process key recovery requests and recover
stored encrypted data when the encryption key has been lost. This service is available only when the DRM subsystem is
installed.

1. List Requests

There are three kinds of key service requests:
• Key archival requests, made by Certificate Manager agents
• Key recovery requests, made by DRM agents
• Token key requests for archiving smart card (token) keys in conjunction with server-side key generation requests. This
request can only be initiated through a TPS subsystem.
A DRM agent reviews these requests. An agent can search for and list key service requests with a particular status, such as
completed or rejected, select a key service request from the returned list, and examine the request details. Key service re-
quests are handled internally; it is not necessary to take any action on them unless the Certificate System is specially con-
figured.
To list key service requests, do the following:
1. Open the DRM agent services page.
2. Click List Requests to display the List Requests form. This page specifies which key service requests to list.
3. Choose the type of requests to see from the Request type menu. There are three request types:
• Show Key Archivals requests
• Show Key Recovery requests
• Show Token Key requests
• Show all requests
4. Select the status of requests from the Request status menu.
• Show canceled requests. Unless the system is specially configured to allow requests to be canceled, there are no
canceled requests.
• Show rejected requests. Rejected requests do not comply with the archival or recovery policies. Unless the system
is specially configured to allow requests to be rejected, there are no rejected requests.
• Show completed requests. Completed requests include archival requests for which proof of archival has been sent
and completed recovery requests.
• Show all requests. All requests stored in the system.
5. To start the list at a specific place in the queue, enter the starting request identifier in decimal or hexadecimal form.
Use 0x to indicate the beginning of a hexadecimal number; for example, 0x2A. Key identifiers are displayed in hexa-
decimal form in the Search Results and Details pages.
6. Choose the number of matching requests to be returned. The system displays that number of requests, beginning with
the starting request identifier.
7. Click Find.
The DRM displays a list of the key service requests that match the search criteria. Select a request from the list to ex-
42 Chapter 6. DRM: Recovering Encrypted