Step 2. Set Up The Key Recovery Process - Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual


Configuring Key Archival and Recovery Process
Step D. Configure Key Archival Policies
This step is optional.
Unlike Certificate Manager and Registration Manager, no policy plug-in modules
are provided for the Data Recovery Manager. If you have implemented any custom
policy modules for the Data Recovery Manager's key archival process, you should
make sure that they are configured properly. For details on configuring policies for
a subsystem, see "Configuring Policy Rules for a Subsystem" on page 491.

Step 2. Set Up the Key Recovery Process

Before proceeding with this section, you should have read "Key Recovery Process"
on page 205. In particular, you should be familiar with how the key archival
process works. If you are not, see "How Agent-Initiated Key Recovery Works" on
page 208.
The Data Recovery Manager supports an agent-initiated key recovery process, in
which end entities' encryption private keys are recovered by designated key
recovery agents. This section explains how to set up the key recovery process.
To set up the agent-initiated key recovery process, follow these steps:
Step A. Verify the m of n Scheme
Step B. Facilitate the Key Recovery Agents to Change the Passwords
Step C. Determine the Authorization Mode for Key Recovery
Step D. Customize the Key Recovery Form
Step E. Configure Key Recovery Policies
Step A. Verify the m of n Scheme
During the installation of the Data Recovery Manager, you were asked to specify
the total number of key recovery agents (a minimum of one) and the number of
agents (of this total) required to authorize a key recovery operation. This
combination is called the m of n scheme. For more information about this, see "Key
Recovery Agent Scheme" on page 211.
236
Netscape Certificate Management System Administrator's Guide • February 2003
The method triggers the client to generate two RSA key pairs—one key of
length 512 for encrypting data and another key of length 1024 for signing
data.
Save your changes.
