Key Recovery Agent Scheme - Red Hat Certificate System 7.1 Administrator's Manual

Key Recovery Process

Key Recovery Agent Scheme

The key recovery agent scheme consists of configuring the Data Recovery Manager to
recognize a fixed number of key recovery agents (a minimum of one) and specifying how
many of these agents must authorize a key recovery request before an archived key is
restored. Each recovery agent provides the Data Recovery Manager with a password, from
which it generates a unique PIN; the Data Recovery Manager uses the PINs to protect its
storage key pair, which in turn protects end entities' archived keys.
The Data Recovery Manager tracks each agent's key recovery agent password and lets you
facilitate changes to agents' passwords; you never have direct access to those passwords
or to the actual storage key password. Each agent's password unlocks only a part of the
private storage key, so fewer agents than the required number cannot reconstruct it.
You first specified the key recovery agent scheme when you installed the Data Recovery
Manager.
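The following is an added illustration of the m-of-n agent scheme described above; it is not Red Hat Certificate System's own code, and the page does not document how the Data Recovery Manager actually derives PINs or stores its key parts. The model assumed here is Shamir secret sharing: the storage key is split into one share per agent, each share is wrapped under a PIN derived from that agent's password (PBKDF2, an assumed choice), and any `required` agents can rebuild the key while fewer cannot. Changing an agent's password only re-wraps that agent's share, without exposing the storage key, matching the "facilitate changing agents' passwords" behaviour above. All names, passwords and the sample storage key are constructed for the example.

```python
"""Added example: an m-of-n key recovery agent scheme modelled with Shamir
secret sharing.  Not Red Hat Certificate System code; PIN derivation, share
format and wrapping are assumptions made for this illustration."""
from __future__ import annotations

import hashlib
import hmac
import secrets

PRIME = 2**521 - 1      # Mersenne prime: every 32-byte storage key is a field element
SHARE_LEN = 66          # bytes needed to hold one field element
PBKDF2_ITERS = 50_000   # assumed work factor for password -> PIN derivation


def derive_pin(password: bytes, salt: bytes) -> bytes:
    """Agent password -> PIN material: a keystream for the share plus an HMAC key."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ITERS, dklen=SHARE_LEN + 32)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _split(secret: int, required: int, total: int) -> list[tuple[int, int]]:
    """Shamir split: random polynomial of degree required-1 with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(required - 1)]
    return [(x, sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME)
            for x in range(1, total + 1)]


def _recover(shares: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0 over exactly `required` distinct shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def _wrap(x: int, y: int, password: bytes) -> dict:
    """Protect one agent's share under that agent's PIN; the tag lets a wrong password be detected."""
    salt = secrets.token_bytes(16)
    pin = derive_pin(password, salt)
    wrapped = _xor(y.to_bytes(SHARE_LEN, "big"), pin[:SHARE_LEN])
    tag = hmac.new(pin[SHARE_LEN:], wrapped, "sha256").digest()
    return {"x": x, "salt": salt, "wrapped": wrapped, "tag": tag}


def _unwrap(record: dict, password: bytes) -> int | None:
    pin = derive_pin(password, record["salt"])
    tag = hmac.new(pin[SHARE_LEN:], record["wrapped"], "sha256").digest()
    if not hmac.compare_digest(tag, record["tag"]):
        return None                       # wrong password for this agent
    return int.from_bytes(_xor(record["wrapped"], pin[:SHARE_LEN]), "big")


def configure_scheme(storage_key: bytes, agent_passwords: list[bytes], required: int) -> dict:
    """Set up `len(agent_passwords)` agents of which `required` must cooperate."""
    if not 1 <= required <= len(agent_passwords) or len(storage_key) != 32:
        raise ValueError("need 1 <= required <= agents and a 32-byte storage key")
    secret = int.from_bytes(storage_key, "big")
    shares = _split(secret, required, len(agent_passwords))
    return {"required": required,
            "agents": [_wrap(x, y, pw) for (x, y), pw in zip(shares, agent_passwords)]}


def recover_storage_key(scheme: dict, presented: dict[int, bytes]) -> bytes | None:
    """presented maps agent index -> password.  None if too few agents or any password is wrong."""
    if len(presented) < scheme["required"]:
        return None
    shares = []
    for idx, password in presented.items():
        y = _unwrap(scheme["agents"][idx], password)
        if y is None:
            return None                   # reject the whole request, do not guess
        shares.append((scheme["agents"][idx]["x"], y))
    return _recover(shares[: scheme["required"]]).to_bytes(32, "big")


def change_agent_password(scheme: dict, idx: int, old: bytes, new: bytes) -> bool:
    """Re-wrap one agent's share under a new password; the storage key is never reconstructed."""
    record = scheme["agents"][idx]
    y = _unwrap(record, old)
    if y is None:
        return False
    scheme["agents"][idx] = _wrap(record["x"], y, new)
    return True


if __name__ == "__main__":
    key = secrets.token_bytes(32)                          # constructed storage key
    passwords = [b"agent-one", b"agent-two", b"agent-three"]  # constructed agent passwords
    scheme = configure_scheme(key, passwords, required=2)
    assert recover_storage_key(scheme, {0: passwords[0], 2: passwords[2]}) == key
    assert recover_storage_key(scheme, {1: passwords[1]}) is None
    print("2-of-3 recovery works; a single agent cannot recover the storage key")
```

Each share carries its own authentication tag, so a wrong agent password is rejected before interpolation rather than silently producing a wrong "storage key"; that per-share check is also what lets `change_agent_password` verify the old password without ever assembling the key.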
Changing the Key Recovery Agent Scheme
You can change the total number of key recovery agents for a Data Recovery Manager and
the number of key recovery agents required to retrieve an end-entity's encryption private
key from the Data Recovery Manager's key repository.
To change the key recovery agent scheme:
1. Access the CS window (see "Logging Into the CS Console" on page 239).
2. Click the Configuration tab.
Red Hat Certificate System Administrator's Guide • September 2005
