Forms For Users And Key Recovery Agents; Key Archival Process; Why You Should Archive Keys - Netscape MANAGEMENT SYSTEM 6.0 Installation And Setup Manual


Certificate Management System does not provide any policy plug-in modules for
the Data Recovery Manager. However, you can write custom policy plug-in
modules (that is, write Java classes that implement these rules), register them in the
Data Recovery Manager's policy framework, and create policy rules using these
plug-in implementations. For details about writing custom plug-ins, see "CMS
SDK" on page 65.

Forms for Users and Key Recovery Agents

End users' encryption private keys are archived by the Data Recovery Manager
when they are generated. So, for key archival to occur, the enrollment form that
users fill out to request dual certificates must have the JavaScript code for
activating the key archival process embedded in it, along with a valid copy of the
Data Recovery Manager's transport certificate. Then, when a Certificate Manager
or Registration Manager that is processing the user's certificate issuance request
detects the key archival option, it automatically requests the service of the Data
Recovery Manager. For information on customizing this form, see "Step C.
Customize the Certificate Enrollment Form" on page 733.

Initiating the key recovery process also requires its own HTML form. By default,
the Data Recovery Manager Agent Services interface provides a form for initiating
the process and retrieving keys. For information on customizing this form, see
"Step D. Customize the Key Recovery Form" on page 739.

Key Archival Process

If your certificate infrastructure has been set up for key archival, the Data Recovery
Manager automatically archives users' encryption private keys. For general
information on the type of PKI setup needed for archiving keys, see "PKI Setup for
Key Archival and Recovery" on page 715. For specific instructions on setting up a
key archival and recovery infrastructure, see "Configuring Key Archival and
Recovery Process" on page 731.

Why You Should Archive Keys

If a user loses a private data-encryption key or is unavailable to use his or her
private key, the key must be recovered before any data that was encrypted with the
corresponding public key can be read. You can recover the private key if an
archival copy of it was created when the key was generated.
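The following Go program is an added illustration of the archival and recovery flow described in "Forms for Users and Key Recovery Agents" and in this section; it is not code from the Netscape manual or from Certificate Management System. The product's enrollment form carries out the client-side wrapping in browser JavaScript against the Data Recovery Manager's transport certificate; here that step is modelled with a hypothetical record layout (a one-time AES-GCM key protecting the user's private key, with the AES key wrapped under the transport public key by RSA-OAEP), and the function names, the transport key pair and the sample message are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// ArchivedKey is the record a Data Recovery Manager would keep (a hypothetical
// layout, not the product's storage format): the user's private key wrapped under
// a one-time AES key, which is itself wrapped under the DRM transport public key.
type ArchivedKey struct {
	WrappedAESKey []byte // RSA-OAEP(transport public key, aesKey)
	Nonce         []byte // AES-GCM nonce
	WrappedKey    []byte // AES-GCM(aesKey, PKCS#1 DER of the user's private key)
}

func newGCM(aesKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ArchiveForTransport models the client-side step the enrollment form performs at
// key generation: wrap the new private key so only the transport key holder can open it.
func ArchiveForTransport(transportPub *rsa.PublicKey, userPriv *rsa.PrivateKey) (*ArchivedKey, error) {
	raw := make([]byte, 32+12) // one-time AES-256 key followed by a 12-byte GCM nonce
	if _, err := rand.Read(raw); err != nil {
		return nil, err
	}
	aesKey, nonce := raw[:32], raw[32:]
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	wrappedAES, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, transportPub, aesKey, nil)
	if err != nil {
		return nil, err
	}
	der := x509.MarshalPKCS1PrivateKey(userPriv)
	return &ArchivedKey{WrappedAESKey: wrappedAES, Nonce: nonce, WrappedKey: gcm.Seal(nil, nonce, der, nil)}, nil
}

// RecoverWithTransport is the Data Recovery Manager's side: unwrap the AES key with
// the transport private key, then the user key. A wrong transport key fails at OAEP.
func RecoverWithTransport(transportPriv *rsa.PrivateKey, a *ArchivedKey) (*rsa.PrivateKey, error) {
	aesKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, transportPriv, a.WrappedAESKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	der, err := gcm.Open(nil, a.Nonce, a.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	return x509.ParsePKCS1PrivateKey(der)
}

// RoundTrip plays out the scenario from "Why You Should Archive Keys": data is
// encrypted to the user's public key, the user's own copy of the private key is
// lost, and the archived copy is recovered and used to read the data.
func RoundTrip() (bool, error) {
	transportPriv, err := rsa.GenerateKey(rand.Reader, 2048) // DRM transport key pair
	userPriv, err2 := rsa.GenerateKey(rand.Reader, 2048)     // user's encryption key pair
	if err != nil || err2 != nil {
		return false, fmt.Errorf("key generation failed: %v %v", err, err2)
	}
	archived, err := ArchiveForTransport(&transportPriv.PublicKey, userPriv)
	if err != nil {
		return false, err
	}
	msg := []byte("constructed sample message") // constructed sample data
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &userPriv.PublicKey, msg, nil)
	if err != nil {
		return false, err
	}
	userPriv = nil // the user loses the private key; only the archived copy remains
	recovered, err := RecoverWithTransport(transportPriv, archived)
	if err != nil {
		return false, err
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recovered, ct, nil)
	if err != nil {
		return false, err
	}
	return bytes.Equal(pt, msg), nil
}
```

Calling RoundTrip() returns true when the recovered key decrypts the message. The point the manual makes is visible in the design: the archive is useless to anyone without the transport private key, which is why that key, not the archived blobs, is the asset to protect, and why the enrollment form must carry a valid copy of the transport certificate rather than an arbitrary public key.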
Chapter 22 Setting Up Key Archival and Recovery 717
