Table of Contents
Advertisement
Key Recovery Process
If the request passes all the policy rules, the Data Recovery Manager sends a
3.
confirmation HTML page to the web browser the agent used. If the request
fails any of the policy checks, the server logs an appropriate error message.
The confirmation page contains information and input sections:
The key recovery agents verify the information in the confirmation page and
4.
enter the certificate in MIME-64 format, the password for the PKCS #12
package, and their individual identifiers and passwords. The Data Recovery
Manager agent submits the page to the Data Recovery Manager.
The Data Recovery Manager matches the key recovery agent information with
5.
its m of n scheme (see "Key Recovery Agent Scheme" on page 211). After
verifying that the required number of recovery agents entered their passwords,
the server uses the agents' passwords to construct the PIN required to access
the private key repository.
The Data Recovery Manager then retrieves the end-entity's private key from its
6.
key repository and decrypts it by using the private component of the storage
key pair.
The Data Recovery Manager packages the end-entity's certificate and the
7.
corresponding private key as a PKCS #12 package and encrypts it with the
PKCS #12 password provided by the recovery agent. It then delivers the
package to the client the recovery agent used to initiate the key recovery
process, and prompts the agent to store the encrypted package. The agent may
choose to store the package in the local file system of the client machine (only if
it has restricted access) or on a floppy diskette.
The recovery agent can then send the encrypted PKCS #12 package and the
corresponding password to an individual by any secure, out-of-band means.
210
Netscape Certificate Management System Administrator's Guide • February 2003
The information section includes the end-entity's information.
The input section includes fields for entering the end-entity's certificate
corresponding to the key that needs to be recovered, the password for the
PKCS #12 package, and key recovery agents' passwords.
The Data Recovery Manager uses the certificate to construct the
PKCS #12 package (which includes the end-entity's encryption private key
and corresponding certificate), the PKCS #12 password to encrypt the
PKCS #12 package, and key recovery agents' passwords to construct the
PIN required to unlock its key repository.
Advertisement
Table of Contents
Related Manuals for Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR
Related Products for Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - CUSTOMIZATION GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - PLUG-IN