Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual page 740


Key Archival Process
These are the steps shown in Figure 22-1:
1. A user uses a client capable of generating dual key pairs to access the certificate enrollment form served by the Registration Manager, fills in all the information, and submits the request.

   The Registration Manager detects the key archival option in the user's request and asks the client for the user's encryption private key.

   The client encrypts the user's encryption private key with the public key from the Data Recovery Manager's transport certificate; a copy of the transport certificate is embedded in the enrollment form.

2. Upon receiving the encrypted key from the client, the Registration Manager sends it to the Data Recovery Manager for storage, along with some other information (including the user's public key). Then, the Registration Manager waits for verification from the Data Recovery Manager that the private key has been received and stored and that it corresponds to the user's public encryption key.

3. Upon receiving the encrypted key from the Registration Manager, the Data Recovery Manager decrypts it with the private key that corresponds to the public key in its transport certificate. After confirming that the private encryption key corresponds to the user's public encryption key, the Data Recovery Manager encrypts it again with its storage key before storing it in its internal database. (The storage key resides in either a software or a hardware token and is never exposed to any other entity.)

4. Once the user's private encryption key has been successfully stored, the Data Recovery Manager uses the private key of its transport key pair to sign a token confirming that the key has been successfully stored; the Data Recovery Manager then sends the token to the Registration Manager.

5. After the Registration Manager receives and verifies the signed token, it sends the certificate request to the Certificate Manager for issuance.

6. The Certificate Manager formulates two certificates, one each for the signing and encryption key pairs, and returns them to the Registration Manager.

7. The Registration Manager forwards the certificates to the client (the user).

Note that all three subsystems subject the request to configured policy rules at appropriate stages. If the request fails to meet any of the policy rules, the subsystem rejects the request.
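As an added illustration (not code from this manual or from Netscape CMS), the following Go program models the cryptographic checks in steps 1, 3, 4 and 5 above: the client wraps its private key to the DRM transport public key, the DRM unwraps it, confirms it matches the user's public key, re-encrypts it to its storage key and signs a confirmation token, and the RM verifies that token. It assumes an X25519 user key, RSA-OAEP applied directly to the PKCS#8 DER rather than the product's real request format, an RSA storage key pair of which only the public half is used here, and a token that is simply the DRM's signature over the user's public key.

```go
package main

import (
	"crypto"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
)

// Step 1, client side: encrypt the user's encryption private key (assumed here to be an
// X25519 key, in PKCS#8 DER) to the public key of the DRM's transport certificate.
func WrapForTransport(userPriv *ecdh.PrivateKey, transportPub *rsa.PublicKey) ([]byte, error) {
	der, err := x509.MarshalPKCS8PrivateKey(userPriv)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, transportPub, der, nil)
}

// Steps 3 and 4, DRM side: decrypt with the transport private key, confirm the private key
// corresponds to the user's public key, re-encrypt it to the storage key (the record for the
// DRM's internal database), and sign a token confirming storage, bound to the user's public key.
func Archive(transport *rsa.PrivateKey, storagePub *rsa.PublicKey, wrapped []byte, userPub *ecdh.PublicKey) (record, token []byte, err error) {
	der, err := rsa.DecryptOAEP(sha256.New(), nil, transport, wrapped, nil)
	if err != nil {
		return nil, nil, err
	}
	priv, err := x509.ParsePKCS8PrivateKey(der)
	if err != nil {
		return nil, nil, err
	}
	if p, ok := priv.(*ecdh.PrivateKey); !ok || !p.PublicKey().Equal(userPub) {
		return nil, nil, errors.New("archived private key does not correspond to the user's public key")
	}
	if record, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, storagePub, der, nil); err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(userPub.Bytes())
	token, err = rsa.SignPKCS1v15(rand.Reader, transport, crypto.SHA256, digest[:])
	return record, token, err
}

// Step 5, RM side: verify the DRM's token before sending the request on to the Certificate Manager.
func VerifyToken(transportPub *rsa.PublicKey, userPub *ecdh.PublicKey, token []byte) bool {
	digest := sha256.Sum256(userPub.Bytes())
	return rsa.VerifyPKCS1v15(transportPub, crypto.SHA256, digest[:], token) == nil
}
```

A record encrypted to the storage public key can only be recovered by the holder of the storage private key, which the DRM-side function never receives.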
Netscape Certificate Management System Installation and Setup Guide • October 2001