Posted by arlene

Sometimes it may be necessary to recover a key from storage. One of the problems that often arises regarding PKI is the fear that documents will be unrecoverable, because someone loses or forgets their private key. Let’s say that employees use Smart Cards to hold their private keys. Drew, one of the employees, accidentally left his wallet in his pants and it went through the wash, Smart Card and all. If there is no method of recovering keys, Drew would not be able to access any documents or e-mail that used his existing private key.

Many corporate environments implement a key recovery server for the sole purpose of backing up and recovering keys. Within an organization, there is at least one key recovery agent. A key recovery agent is an employee who has the authority to retrieve a user’s private key. Some key recovery servers require that two key recovery agents retrieve private user keys together for added security (separation of duties). This is similar to certain bank accounts, which require two signatures on a check for added security. Some key recovery servers also have the ability to function as a key escrow server, thereby adding the ability to split the keys onto two separate recovery servers, further increasing the security.

Public Key Key Recovery Information

Now that the contents of Drew’s wallet have been destroyed, he is going to have to get his license, credit cards, and other items replaced. For him to get a new license, Drew is going to have to be able to prove his identity to the DMV. He may need to bring his social security card, birth certificate, passport, and so forth. Since the DMV is a trusted authority, they are going to make sure that Drew is who he claims to be before they will issue him another license.

CAs and recovery servers also require certain information before they allow a key to be recovered. This is known as Key Recovery Information (KRI). KRI usually consists of

• The name of the key owner, along with information verifying that the person requesting key recovery is authorized to recover the key on behalf of that key owner. (Note that this is often a subset of the same credentials that would have been used to create the key in the first place.)
• The time that the key was created.
• The issuing CA server.
• Once the CA (or the key recovery agent) verifies the KRI, the key recovery process can begin.

Public Key M of N Control

As mentioned, some key recovery servers can break up the key recovery process between multiple key recovery agents. This type of key recovery security is known as m of n control. m of n works by splitting the PIN between n number of key recovery agents, then reconstructing the PIN only if m number of recovery agents provide their individual passwords. n must be an integer greater than 1 and m must be an integer less than or equal to n. Going back to the example of Drew, let’s say that we are using the m of n control and we have three separate key recovery agents.

To be able to recover Drew’s private key, at least two of the key recovery agents must be present. If Drew arrives in the office before the key recovery agents, he has to wait for two of the three to arrive. If only one of the key recovery agents tried to recover Drew’s key under m of n control, the recovery process would be denied.

Possibly related posts: (automatically generated)
Public Key Recovery

• Oft-forgotten Data Disaster Recovery
• PKI (public key infrastructure) Management and Certificate Lifecycle
• Hand in hand Database Design and Data Backup, Recovery continue...
• Public-key Certificates and Certificate Authorities
• Hardware Public Key Storage vs. Software Public Key Storage
• Public Key Destruction and Distribution
• Website Hosting Sever, some Pitfalls you need to avoid part 2
• Network Access Control Databases
• Public Key Renewal
• Privacy, Security, and Email Marketing Data