System information
kra.noOfRequiredRecoveryAgents=1
kra.recoveryAgentGroup=Data Recovery Manager Agents
4. Set the PKCS #12 token password that the requester uses to import the recovered
certificate/key pair package.
5. Optionally, set a certificate nickname for the archived key.
6. Paste the base-64 encoded certificate corresponding to the archived key into the text area.
The certificate can be searched and viewed through the CM agent services pages.
If the archived key was found through the corresponding public key, the certificate
information is automatically transferred to the form.
7. Click Recover to initiate the key recovery request.
Selecting this option notifies the key recovery agents that a recovery has been initiated and
gives them the recovery authorization reference number.
Note
Do not close the browser after initiating the key recovery. The agent must wait for
all other agents to authorize the key recovery request before the system returns
the hyperlink to download the PKCS #12 file containing the private key. This
page keeps refreshing to check if all other agents have authorized.
8. Every DRM agent must approve the key recovery once the agent receives the recovery
authorization number.
a. Open the DRM agent services page.
b. Select Authorize Recovery.
c. Enter the recovery authorization request number.
d. Select Examine to examine the key being recovered.
e. Select Grant to complete the key recovery.
9. Once all agents have authorized the recovery, then the agent who initiated the key recovery
request is given a link download (import) the PKCS #12 file.
10.When selecting the PKCS #12 file, a dialog box appears. Specify the path and filename to
save the encrypted file containing the recovered certificate and key pair.
Chapter 7. DRM: Recovering Encrypted Data
68