NOTE
If the CRL is large, the Certificate Manager can take a considerable amount of time to
publish the CRL.
The Online Certificate Status Manager stores each Certificate Manager's CRL in its internal database
and uses it as the CRL to verify certificates. The Online Certificate Status Manager can also use the
CRL published to an LDAP directory, meaning the Certificate Manager does not have to update the
CRLs directly to the Online Certificate Status Manager.
2.1.4. About the Data Recovery Manager (DRM)
To archive private encryption keys and recover them later, the PKI configuration must include the
following elements:
• Clients that can generate dual keys and that support the key archival option (using the CRMF/
CMMF protocol).
• An installed and configured DRM.
• HTML forms with which end entities can request dual certificates (based on dual keys) and key
recovery agents can request key recovery.
Only keys that are used exclusively for encrypting data should be archived; signing keys in particular
should never be archived. Archiving a signing key creates a second copy outside the owner's control,
which destroys non-repudiation: it is no longer possible to prove with certainty who produced a given
signature, and the archived copy could be used to impersonate the digital identity of the original key owner.
Clients that generate single key pairs use the same private key for both signing and encrypting data,
so a private key derived from a single key pair cannot be archived and recovered. Clients that can
generate dual key pairs use one private key for encrypting data and the other for signing data. Since
the private encryption key is separate, it can be archived.
In addition to generating dual key pairs, the clients must also support archiving the encryption key in
certificate requests. This option archives keys at the time the private encryption keys are generated as
a part of issuing the certificate.
2.1.4.1. Archiving Keys
The DRM automatically archives private encryption keys if archiving is configured.
If an end entity loses a private encryption key, or is unavailable when the key is needed, the key must
be recovered before any data that was encrypted with the corresponding public key can be read.
Recovery is possible only if the private key was archived at the time it was generated.
There are some common situations when it is necessary to recover encryption keys:
• An employee loses the private encryption key and cannot read encrypted mail messages.
• An employee is on an extended leave, and someone needs to access an encrypted document.
• An employee leaves the company, and company officials need to perform an audit that requires
gaining access to the employee's encrypted mail.
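The dual-key archival described above and the recovery flow in this section, as an added example that is not code from Certificate System or Red Hat. It models the pieces the text names: a client that generates separate signing and encryption key pairs, a policy that refuses to archive anything but the encryption key, a DRM that receives the encryption private key wrapped under its transport public key, and a recovery agent that unwraps it to read data the owner can no longer decrypt. The wrapping scheme (fresh AES-GCM session key, RSA-OAEP to the DRM transport key) and all type and function names are assumptions standing in for the CRMF archive option; the subject name and message are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// KeyPurpose distinguishes the two halves of a dual key pair (assumed model).
type KeyPurpose int

const (
	PurposeSigning KeyPurpose = iota
	PurposeEncryption
)

// DualKeys is what a dual-key capable client generates: one pair per purpose.
type DualKeys struct {
	Signing    *rsa.PrivateKey
	Encryption *rsa.PrivateKey
}

func GenerateDualKeys(bits int) (*DualKeys, error) {
	s, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil { return nil, err }
	e, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil { return nil, err }
	return &DualKeys{Signing: s, Encryption: e}, nil
}

// ArchivedKey is the wrapped private key as the DRM stores it: PKCS#1 DER of the
// key encrypted under a one-time AES-256-GCM session key, that session key wrapped
// with RSA-OAEP under the DRM transport public key (hypothetical CRMF stand-in).
type ArchivedKey struct {
	WrappedSessionKey []byte
	Nonce             []byte
	Ciphertext        []byte
}

var oaepLabel = []byte("drm-archive") // assumed label, binds the wrap to this use

// WrapForArchive is the client side of archival. It enforces the page's rule:
// only an encryption key may leave the client; a signing key is rejected.
func WrapForArchive(transportPub *rsa.PublicKey, purpose KeyPurpose, priv *rsa.PrivateKey) (*ArchivedKey, error) {
	if purpose != PurposeEncryption {
		return nil, errors.New("refusing to archive a non-encryption key: signing keys must never be archived")
	}
	der := x509.MarshalPKCS1PrivateKey(priv)
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil { return nil, err }
	block, err := aes.NewCipher(sessionKey)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	ct := gcm.Seal(nil, nonce, der, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, transportPub, sessionKey, oaepLabel)
	if err != nil { return nil, err }
	return &ArchivedKey{WrappedSessionKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// DRM holds the transport private key and the archive, indexed by subject.
type DRM struct {
	transport *rsa.PrivateKey
	archive   map[string]*ArchivedKey
}

func NewDRM(bits int) (*DRM, error) {
	k, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil { return nil, err }
	return &DRM{transport: k, archive: map[string]*ArchivedKey{}}, nil
}

func (d *DRM) TransportPublicKey() *rsa.PublicKey { return &d.transport.PublicKey }
func (d *DRM) Archive(subject string, ak *ArchivedKey) { d.archive[subject] = ak }

// Recover is the key-recovery-agent side: unwrap the session key with the DRM
// transport private key, decrypt the DER, and hand back a usable private key.
func (d *DRM) Recover(subject string) (*rsa.PrivateKey, error) {
	ak, ok := d.archive[subject]
	if !ok { return nil, fmt.Errorf("no archived key for %q", subject) }
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, d.transport, ak.WrappedSessionKey, oaepLabel)
	if err != nil { return nil, err }
	block, err := aes.NewCipher(sessionKey)
	if err != nil { return nil, err }
	gcm, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	der, err := gcm.Open(nil, ak.Nonce, ak.Ciphertext, nil)
	if err != nil { return nil, err }
	return x509.ParsePKCS1PrivateKey(der)
}

// RecoverAndDecrypt walks the "employee leaves the company" scenario end to end:
// dual keys are generated, the encryption key is archived at generation time,
// data is encrypted to it, the employee's copy is discarded, and the recovery
// agent reads the data with the recovered key.
func RecoverAndDecrypt(subject string, message []byte) (string, error) {
	drm, err := NewDRM(2048)
	if err != nil { return "", err }
	keys, err := GenerateDualKeys(2048)
	if err != nil { return "", err }
	ak, err := WrapForArchive(drm.TransportPublicKey(), PurposeEncryption, keys.Encryption)
	if err != nil { return "", err }
	drm.Archive(subject, ak)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &keys.Encryption.PublicKey, message, nil)
	if err != nil { return "", err }
	keys = nil // the original private key is now unavailable
	recovered, err := drm.Recover(subject)
	if err != nil { return "", err }
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recovered, ct, nil)
	if err != nil { return "", err }
	return string(pt), nil
}

func main() {
	out, err := RecoverAndDecrypt("jdoe", []byte("constructed: encrypted mail body"))
	fmt.Println(out, err)
}
```

The policy check sits on the client side here only for illustration; in a real deployment the certificate profile and the DRM decide which requests may carry archived key material, and a signing key must be rejected at every hop.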