Archiving Encryption Keys

You can archive the private keys for encryption certificates at a Microsoft Windows Server 2003 enterprise certification authority (CA) to allow recovery of the private key if a user's private key is lost or corrupted. This functionality is available on a Windows Server 2003 enterprise CA running on Windows Server 2003, Enterprise Edition, or Windows Server 2003, Datacenter Edition.

An organization should specify key archival and recovery in its security policy. If an organization does not specify that it allows key archival and recovery, it is almost impossible for the organization to implement key archival and recovery, as there are no guidelines for the implementation. If the security policy allows key archival, the policy must state when it is permissible for a certificate's private key to be recovered from the CA database.

Key recovery is possible only when the private key material is stored on the local file system. When a software cryptographic service provider (CSP) is used, the private key material is stored in the \Documents and Settings\UserName\Application Data\Microsoft\Crypto\RSA or the \Documents and Settings\UserName\Application Data\Microsoft\Crypto\DSS folder. An organization's security policy typically lists the following reasons for allowing key recovery:

■ A user profile is deleted. When an encryption private key is stored in a user's profile folder, the private key is lost if anyone deletes that specific profile. Many organizations use profile deletion to fix problems with user logon. For example, if the desktop fails or takes a long time to appear, many organizations prescribe deleting the user's profile and generating a new profile. This results in deletion of the user's private key material.

■ A hard disk is corrupted. The corruption of a hard disk can cause users to lose access to their profiles. This can mean a total loss of access or loss of access to the private key material within the user profile.

■ The operating system is reinstalled. When the operating system is reinstalled, access to the previous user profiles is lost, including any private keys stored in the user's profile.

■ A computer is stolen or lost. When a computer is stolen or lost, access to the private key material in the user profile is lost or compromised.

A difference among the reasons listed, however, is that a computer theft or loss can mean the user's private key is compromised and, therefore, the certificate associated with the private key should be revoked. There is no reason to revoke the certificate for the other reasons in this list because the user's private key is not compromised.
