4. The Data Recovery Manager signs a proof-of-archival token with its private transport key and sends the token to the Registration Manager.
5. The Registration Manager verifies the token and sends the certificate requests on to the Certificate Manager.
6. The Certificate Manager issues the signing and encryption certificates and sends them back to the Registration Manager.
7. The Registration Manager delivers the certificates to the end entity.
Figure 1-2 Key storage process during end-entity enrollment
Data encrypted with the storage key can be retrieved only if m of n "split keys" are
provided at the same time by m of n authorized recovery agents. By default, m and
n are 2 and 3, respectively. Both values can be changed, as long as m is less than or
equal to n.
Chapter 1
Introduction to Certificate Management System
System Overview
53