Forms for Users and Key Recovery Agents; Key Archival Process; Why You Should Archive Keys - Red Hat Certificate System 7.1 Administrator's Manual

Forms for Users and Key Recovery Agents

End entities' encryption private keys are archived by the Data Recovery Manager at the
time they are generated. So, for key archival to occur, the enrollment form that users fill out
to request dual certificates must have the JavaScript code that activates the key archival
option embedded in it, along with a valid copy of the Data Recovery Manager's transport
certificate. The form uses the transport certificate to wrap the newly generated private key
so that only the Data Recovery Manager, which holds the matching private key, can unwrap
it; the Certificate Manager or Registration Manager never sees the key in the clear. When the
Certificate Manager or Registration Manager that is processing the end entity's certificate
issuance request detects the key archival option, it automatically requests the service of
the Data Recovery Manager. For information on customizing this form, see "Step C.
Customize the Certificate Enrollment Form" on page 219.
Initiating the key recovery process also requires its own HTML form. By default, the Data
Recovery Manager Agent Services interface provides a form for initiating the process and
retrieving keys. For information on customizing this form, see "Step D. Customize the Key
Recovery Form" on page 225.
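
The exchange the two forms set up, as an added example that is not Certificate System code: the client (standing in for the enrollment form's JavaScript) generates its encryption key pair and wraps the private key for the Data Recovery Manager's transport certificate, the Certificate Manager only detects the archive option and forwards it, and the Data Recovery Manager unwraps the key, checks that it really belongs to the public key being certified, stores it, and later hands it back on a recovery request. The `cryptography` package is assumed to be installed; the wrapping scheme (AES-GCM session key wrapped with RSA-OAEP), the dictionary layout standing in for CRMF PKIArchiveOptions, and all function names are assumptions made for the illustration.

```python
"""Key archival flow modelled on the enrollment-form description above.
Added illustration using the `cryptography` package (assumed installed);
this is not Red Hat Certificate System code."""
import os

from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Padding used to wrap the session key with the transport certificate's RSA key.
# The exact cipher suite is an assumption for this example.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def make_keypair():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def spki_der(public_key):
    return public_key.public_bytes(serialization.Encoding.DER,
                                   serialization.PublicFormat.SubjectPublicKeyInfo)


def build_archive_request(transport_pub):
    """Client side (the enrollment form's JavaScript): generate the encryption key pair
    and attach the private key wrapped so only the transport private key can open it."""
    ee_priv = make_keypair()
    priv_der = ee_priv.private_bytes(serialization.Encoding.DER,
                                     serialization.PrivateFormat.PKCS8,
                                     serialization.NoEncryption())
    session_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    return {
        "public_key": spki_der(ee_priv.public_key()),
        "archive_option": {  # stands in for CRMF PKIArchiveOptions (assumed layout)
            "wrapped_session_key": transport_pub.encrypt(session_key, OAEP),
            "nonce": nonce,
            "wrapped_private_key": AESGCM(session_key).encrypt(nonce, priv_der, None),
        },
    }


def ca_wants_archival(request):
    """Certificate Manager / Registration Manager side: it only checks for the option.
    It holds no transport private key, so it cannot read the wrapped key; it forwards it."""
    return "archive_option" in request


def drm_archive(transport_priv, request, archive):
    """Data Recovery Manager side: unwrap the key, verify it matches the public key
    being certified, store it, and return the identifier used for later recovery."""
    opt = request["archive_option"]
    session_key = transport_priv.decrypt(opt["wrapped_session_key"], OAEP)
    priv_der = AESGCM(session_key).decrypt(opt["nonce"], opt["wrapped_private_key"], None)
    ee_priv = serialization.load_der_private_key(priv_der, password=None)
    # Refuse to archive a private key that does not belong to the requested public key;
    # otherwise a later recovery would hand out a key that decrypts nothing useful.
    if spki_der(ee_priv.public_key()) != request["public_key"]:
        raise ValueError("archived private key does not match the requested public key")
    archive[request["public_key"]] = priv_der  # a real DRM encrypts this at rest
    return request["public_key"]


def drm_recover(archive, key_id):
    """Recovery: return the archived private key for the given public key."""
    return serialization.load_der_private_key(archive[key_id], password=None)


def demo():
    transport = make_keypair()  # the DRM's transport key pair (constructed for the demo)
    archive = {}
    request = build_archive_request(transport.public_key())
    key_id = drm_archive(transport, request, archive) if ca_wants_archival(request) else None

    # Data encrypted to the end entity's public key is readable with the recovered key.
    ee_pub = serialization.load_der_public_key(request["public_key"])
    ciphertext = ee_pub.encrypt(b"archived mail", OAEP)
    recovered = drm_recover(archive, key_id).decrypt(ciphertext, OAEP)

    # A request whose wrapped private key does not match its stated public key is rejected.
    bogus = build_archive_request(transport.public_key())
    bogus["public_key"] = spki_der(make_keypair().public_key())
    try:
        drm_archive(transport, bogus, archive)
        mismatch_rejected = False
    except ValueError:
        mismatch_rejected = True
    return {"recovered": recovered, "mismatch_rejected": mismatch_rejected,
            "archived": len(archive)}


if __name__ == "__main__":
    print(demo())
```

The point of the split is the one the form setup relies on: because the private key is wrapped under the transport certificate before it leaves the browser, compromising the Certificate Manager or Registration Manager does not expose archived keys; only the Data Recovery Manager's transport private key can unwrap them, which is why that key, and its storage, need the strongest protection in the deployment.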

Key Archival Process

If your certificate infrastructure has been set up for key archival, the Data Recovery
Manager automatically archives end entities' encryption private keys. For general
information on the type of PKI setup needed for archiving keys, see "PKI Setup for Key
Archival and Recovery" on page 187. For specific instructions on setting up a key archival
and recovery infrastructure, see "Installing a Standalone Data Recovery Manager" on
page 203.

Why You Should Archive Keys

If an end entity loses a private data-encryption key or is unavailable to use his or her
private key, the key must be recovered before any data that was encrypted with the
corresponding public key can be read. You can recover the private key only if an archival
copy of it was created when the key was generated.
Here are a few situations in which you might need to recover an end entity's encryption
private key:
An employee loses the encryption private key (for example, after a disk crash or by
forgetting the password to the key file) and cannot read encrypted mail messages.
An employee is on an extended leave, and you need access to an encrypted document
in his or her files.
Chapter 6, Data Recovery Manager, page 189
