Hi all,
I am currently working on key escrow possibilities of openCA, i.e. how can I back up user private keys at the CA?
The only way I see to provide key escrow is to force the users to make a basic request with server-side key generation, because I then have the private key in the database of the CA. So, if the user loses his private key I can recover it from the database. Is this correct or is there another way?
The problem with this is that I cannot recover the key if the user doesn't remember his passphrase. So for example if a user encrypts data with his public key and dies (worst case) and the private key gets lost, I will not be able to recover his private key and thus not be able to decrypt his data. I hope my reasoning here is correct.
Thus I wondered if there is any possibility to recover a lost private key from the CA or RA database without knowing the user's passphrase.
Thanx for any help
Pierre
PS: Sorry for the authority key identifier problem, I was a little bit confused and I saw now that 2 openCA installations were completely mixed up and thus I had strange values for this field in several certificates.
_________________________
Pierre Scholtes
Unicible
tel: +41 (0)21 644 6111
fax: +41 (0)21 644 6300
mailto:[EMAIL PROTECTED]
http://www.unicible.ch
