Key Recovery Process
206
Netscape Certificate Management System Administrator’s Guide • February 2003
whereby it splits the PIN that protects the token in which the storage key pair
resides among n key recovery agents and reconstructs the PIN only if m of those
agents provide their individual passwords; n must be an integer greater than 1
and m must be an integer less than or equal to n.
Here’s how the m of n secret splitting mechanism gets built and works:
During the installation of a Data Recovery Manager, you generate the storage key
pair and specify the hardware token in which the key pair is to be stored. At this
time, you also specify the total number of key recovery agents (n) and how many
of these agents (m) are required to perform a key recovery operation; the system
generates a PIN to protect the token and splits it into n pieces. You can change
the m of n secret splitting later; for details, see “Key Recovery Agent Scheme”
on page 211.
The Data Recovery Manager splits the PIN for the token into n parts by using the
Bloom/Shamir secret-sharing algorithm. It then encrypts each part with the
password provided by the authorized key recovery agent to whom that part is
assigned. Because the parts come from a threshold scheme, any m of the n parts
suffice to reconstruct the PIN, and fewer than m reveal nothing about it.
During the key recovery procedure, the required number of key recovery agents
(m) provide their identifiers and passwords. After verifying the passwords, the
Data Recovery Manager decrypts the corresponding parts and reconstructs the PIN
for the token from them.
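The m of n mechanism described above, as an added example in Python (not the Data Recovery Manager's own code): the token PIN is split with Shamir's threshold scheme over a prime field, each share is encrypted under one agent's password and tagged with an HMAC so that a wrong password is rejected before interpolation, and m valid shares reconstruct the PIN. The field prime, the PBKDF2 parameters, the XOR-plus-HMAC share wrapping, and the sample agent passwords and PIN are all assumptions chosen for illustration.

```python
"""Shamir m-of-n splitting of a token PIN with per-agent password wrapping.

Added example, not the Data Recovery Manager's own code. Assumptions:
the field prime, PBKDF2 parameters, the XOR-plus-HMAC share wrapping and
all agent passwords and the PIN are chosen here for illustration only.
"""
import hashlib
import hmac
import os
import secrets

PRIME = 2**127 - 1        # prime field for the shares (assumption: M127)
KDF_ITERS = 200_000       # PBKDF2 iteration count (assumption)
MAX_AGENTS = 255          # the share index x is stored in one byte below


def _eval_poly(coeffs, x):
    """Horner evaluation of a polynomial (constant term first) mod PRIME."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret, m, n):
    """Shamir split: n shares (x, y) of which any m reconstruct the secret."""
    if not (1 < n <= MAX_AGENTS and 1 <= m <= n):   # guide: n > 1 and m <= n
        raise ValueError("need 1 < n <= 255 and 1 <= m <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret does not fit in the field")
    # Degree m-1 polynomial: the secret is the constant term, the rest is random.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(m - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0. Fewer than m shares give an unrelated
    value, not an error, so the caller must enforce the threshold."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def _agent_keys(password, salt):
    """Derive a 16-byte share-encryption key and a 32-byte MAC key from a password."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERS, dklen=48)
    return key[:16], key[16:]


def wrap_share(share, password):
    """Encrypt one share under an agent's password (one-time XOR with a key
    derived from a fresh salt) and tag it with an HMAC over index, salt, ciphertext."""
    x, y = share
    salt = os.urandom(16)
    enc_key, mac_key = _agent_keys(password, salt)
    ct = bytes(a ^ b for a, b in zip(y.to_bytes(16, "big"), enc_key))
    tag = hmac.new(mac_key, bytes([x]) + salt + ct, "sha256").digest()
    return {"x": x, "salt": salt, "ct": ct, "tag": tag}


def unwrap_share(wrapped, password):
    """Verify the agent's password via the HMAC tag, then decrypt the share."""
    enc_key, mac_key = _agent_keys(password, wrapped["salt"])
    msg = bytes([wrapped["x"]]) + wrapped["salt"] + wrapped["ct"]
    expected = hmac.new(mac_key, msg, "sha256").digest()
    if not hmac.compare_digest(expected, wrapped["tag"]):
        raise PermissionError(f"agent {wrapped['x']}: password rejected")
    y = int.from_bytes(bytes(a ^ b for a, b in zip(wrapped["ct"], enc_key)), "big")
    return wrapped["x"], y


def enroll_agents(pin, m, passwords):
    """Installation-time step: split the token PIN among n agents, m required."""
    secret = int.from_bytes(pin.encode(), "big")
    shares = split_secret(secret, m, len(passwords))
    return {x: wrap_share((x, y), pw) for (x, y), pw in zip(shares, passwords)}


def recover_pin(wrapped, m, credentials):
    """Recovery-time step: credentials is a list of (agent number, password)."""
    if len(credentials) < m:
        raise ValueError(f"{m} agents required, {len(credentials)} provided")
    shares = [unwrap_share(wrapped[agent], pw) for agent, pw in credentials[:m]]
    secret = recover_secret(shares)
    return secret.to_bytes((secret.bit_length() + 7) // 8, "big").decode()


if __name__ == "__main__":
    # Constructed sample: 2 of 3 agents; PIN and passwords are made up.
    vault = enroll_agents("token-pin-7", 2, ["alice-pw", "bob-pw", "carol-pw"])
    print(recover_pin(vault, 2, [(1, "alice-pw"), (3, "carol-pw")]))
```

Two points the code makes that the text only implies: interpolating fewer than m shares returns a plausible-looking but unrelated value rather than failing, so the m threshold must be enforced before reconstruction, and the password check is really an integrity check on the wrapped share, which is why a MAC under a password-derived key is used. The XOR wrapping is a stand-in; production code would wrap each share with an authenticated cipher.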
Interface for the Key Recovery Process
With the Key Recovery form provided in the Data Recovery Manager Agent
Services interface, key recovery agents can collectively unlock the storage key of
the Data Recovery Manager and retrieve end entities’ encryption private keys and
associated certificates in a PKCS #12 package, which can then be imported into the
client. For an overview of this process, see “How Agent-Initiated Key Recovery
Works” on page 208.
Because key recovery agents use the Data Recovery Manager Agent Services
interface, agent-initiated key recovery invariably involves the Data Recovery
Manager agent and key recovery agents. The Data Recovery Manager agent’s
certificate is required to access the Key Recovery form, and key recovery agents’
passwords are required to unlock the key repository. For information on Data
Recovery Manager agents, see “Agents” on page 328.
Your organization’s PKI policy may require that the key recovery process be
restricted to authorized recovery agents only, preventing any Data Recovery
Manager agent from being involved. If so, you should ask all key recovery agents
to get client certificates and set them up as Data Recovery Manager agents. For
instructions, see “Setting up Administrators, Agents, and Auditors” on page 330.