Key Archival Process
Chapter
22
Setting Up Key Archival and Recovery
717
Certificate Management System does not provide any policy plug-in modules for
the Data Recovery Manager. However, you can write custom policy plug-in
modules (that is, write Java classes that implement these rules), register them in the
Data Recovery Manager’s policy framework, and create policy rules using these
plug-in implementations. For details about writing custom plug-ins, see “CMS
SDK” on page 65.
Forms for Users and Key Recovery Agents
End users’ encryption private keys are archived by the Data Recovery Manager
when they are generated. So, for key archival to occur, the enrollment form that
users fill out to request dual certificates must have the JavaScript code for
activating the key archival process embedded in it, along with a valid copy of the
Data Recovery Manager’s transport certificate. Then, when a Certificate Manager
or Registration Manager that is processing the user’s certificate issuance request
detects the key archival option, it automatically requests the service of the Data
Recovery Manager. For information on customizing this form, see “Step C.
Customize the Certificate Enrollment Form” on page 733.
Initiating the key recovery process also requires its own HTML form. By default,
the Data Recovery Manager Agent Services interface provides a form for initiating
the process and retrieving keys. For information on customizing this form, see
“Step D. Customize the Key Recovery Form” on page 739.
Key Archival Process
If your certificate infrastructure has been set up for key archival, the Data Recovery
Manager automatically archives users’ encryption private keys. For general
information on the type of PKI setup needed for archiving keys, see “PKI Setup for
Key Archival and Recovery” on page 715. For specific instructions on setting up a
key archival and recovery infrastructure, see “Configuring Key Archival and
Recovery Process” on page 731.
Why You Should Archive Keys
If a user loses a private data-encryption key or is unavailable to use his or her
private key, the key must be recovered before any data that was encrypted with the
corresponding public key can be read. You can recover the private key if an
archival copy of it was created when the key was generated.
Summary of Contents for NETSCAPE DIRECTORY SERVER 6.01
Page 1: ...Installation and Setup Guide Netscape Certificate Management System Version6 01 May 2002...
Page 22: ...22 Netscape Certificate Management System Installation and Setup Guide May 2002...
Page 32: ...32 Netscape Certificate Management System Installation and Setup Guide May 2002...
Page 160: ...160 Netscape Certificate Management System Installation and Setup Guide May 2002...
Page 776: ...776 Netscape Certificate Management System Installation and Setup Guide May 2002...
Page 807: ...807 Part 5 Appendix Appendix A Certificate Download Specification...
Page 808: ...808 Netscape Certificate Management System Installation and Setup Guide May 2002...
Page 830: ...830 Netscape Certificate Management System Installation and Setup Guide May 2002...