Red Hat CERTIFICATE SYSTEM 7.3 - AGENT GUIDE Manual page 78

Chapter 7. DRM: Recovering Encrypted Data
kra.noOfRequiredRecoveryAgents=1
kra.recoveryAgentGroup=Data Recovery Manager Agents
4. Set the PKCS #12 token password that the requester uses to import the recovered certificate/key
pair package.
5. Optionally, set a certificate nickname for the archived key.
6. Paste the base-64 encoded certificate corresponding to the archived key into the text area.
The certificate can be searched and viewed through the CM agent services pages.
If the archived key was found through the corresponding public key, the certificate information is
automatically transferred to the form.
7. Click Recover to initiate the key recovery request.
Selecting this option notifies the key recovery agents that a recovery has been initiated and gives
them the recovery authorization reference number.
Note
Do not close the browser after initiating the key recovery. The agent must wait for all
other agents to authorize the key recovery request before the system returns the hyper-
link to download the PKCS #12 file containing the private key. This page keeps refresh-
ing to check if all other agents have authorized.
8. Every DRM agent must approve the key recovery once the agent receives the recovery authoriza-
tion number.
a. Open the DRM agent services page.
b. Select Authorize Recovery.
c. Enter the recovery authorization request number.
d. Select Examine to examine the key being recovered.
e. Select Grant to complete the key recovery.
9. Once all agents have authorized the recovery, then the agent who initiated the key recovery request
72