On Monday 24 May 2004 14:47, Michael Konietzka wrote: > OK, done it this way using two different roles and it worked. > But I am using for both certificates the client-side generation. > Michael Bell said, for key recovery of the decryption certs i > should use the batch processor. So i will check this out.
Yes, this is a good idea. In general it is a good idea for your users to generate their own signing keys, as then everyone knows that the keys have not existed anywhere other than the end user client (this is good for non-repudiation). If they then loose their signing keys, they just generate new ones. Chris... ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
