Windows Server 2003 Security Infrastructures: Core Security Features (HP Technologies)
Data recovery is the PKI-related process that decrypts encrypted data after the private key needed to decrypt it has been lost. It is a service that is required whenever persistent data is secured using encryption technology: if the encryption key is lost and the data cannot be decrypted, the data itself is lost. Data recovery can occur independently of user private key recovery, or it can follow key recovery.
When data recovery occurs independently of user private key recovery, a predefined set of administrators, referred to as data recovery agents, are authorized to decrypt the data. For this to work, the symmetric encryption key that protects the data must be available to the data recovery agents. That is why PKI-enabled applications (PKAs) that use this type of data recovery typically encrypt an additional copy of the symmetric encryption key with each data recovery agent's public key, alongside the copy encrypted with the user's public key. A good example of an application where data recovery can occur completely independently of user private key recovery is the Encrypting File System (EFS) that comes with Windows 2000 and Windows Server 2003. EFS is explained in more detail in Chapter 17.
Data recovery can also follow key recovery: once the user, or an authorized administrator, regains access to the user's private key, that key can be used to decrypt the encrypted symmetric keys that were used to encrypt the data. This is what happens in the key recovery scenarios (e.g., for S/MIME-based secure mail applications) that were explained in the previous sections.
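The following Go program, added here as an illustration and not taken from the book or from the EFS implementation, models both recovery paths described above. A file is encrypted once with a random symmetric file encryption key (FEK); the FEK is then wrapped with RSA-OAEP for the owner (modelled on the EFS Data Decryption Field, DDF) and for each data recovery agent (modelled on the EFS Data Recovery Field, DRF). A recovery agent decrypts the file without ever touching the user's private key, while the "data recovery after key recovery" path uses a copy of the user's private key assumed to have been archived at enrollment. The type and function names, the agent label and the sample plaintext are all constructed for this example; the real EFS on-disk format is more involved than this simplified structure.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// KeyWrap holds one copy of the file encryption key (FEK), encrypted with
// RSA-OAEP under the public key of the party named in Holder.
type KeyWrap struct {
	Holder     string
	WrappedFEK []byte
}

// EncryptedFile is a simplified EFS-style protected file: the data is encrypted
// once with a random FEK, and the FEK is wrapped separately for the owner (DDF)
// and for every data recovery agent (DRF). Field names are assumptions.
type EncryptedFile struct {
	Nonce      []byte
	Ciphertext []byte // AES-256-GCM output with the authentication tag appended
	DDF        KeyWrap
	DRF        []KeyWrap
}

func wrapFEK(fek []byte, pub *rsa.PublicKey) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fek, nil)
}

func unwrapFEK(w []byte, priv *rsa.PrivateKey) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w, nil)
}

func newGCM(fek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(fek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt protects plaintext with a fresh FEK and wraps that FEK for the owner
// and for each recovery agent, so each party can later unwrap it on its own.
func Encrypt(plaintext []byte, owner *rsa.PublicKey, agents map[string]*rsa.PublicKey) (*EncryptedFile, error) {
	fek := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, fek); err != nil {
		return nil, err
	}
	gcm, err := newGCM(fek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ef := &EncryptedFile{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}
	if ef.DDF.WrappedFEK, err = wrapFEK(fek, owner); err != nil {
		return nil, err
	}
	ef.DDF.Holder = "owner"
	for name, pub := range agents {
		w, err := wrapFEK(fek, pub)
		if err != nil {
			return nil, err
		}
		ef.DRF = append(ef.DRF, KeyWrap{Holder: name, WrappedFEK: w})
	}
	return ef, nil
}

// openWith unwraps the FEK with priv and decrypts the data. A wrong key or a
// modified ciphertext is rejected by GCM rather than yielding garbage.
func openWith(ef *EncryptedFile, wrapped []byte, priv *rsa.PrivateKey) ([]byte, error) {
	fek, err := unwrapFEK(wrapped, priv)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(fek)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
}

// DecryptAsOwner is the normal path and also the "data recovery after key
// recovery" path: priv may be the owner's private key retrieved from escrow.
func DecryptAsOwner(ef *EncryptedFile, priv *rsa.PrivateKey) ([]byte, error) {
	return openWith(ef, ef.DDF.WrappedFEK, priv)
}

// DecryptAsAgent is data recovery independent of the user's private key: the
// named agent unwraps its own DRF copy of the FEK.
func DecryptAsAgent(ef *EncryptedFile, agent string, priv *rsa.PrivateKey) ([]byte, error) {
	for _, w := range ef.DRF {
		if w.Holder == agent {
			return openWith(ef, w.WrappedFEK, priv)
		}
	}
	return nil, errors.New("no recovery field for agent " + agent)
}

func mustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	owner, agent := mustKey(), mustKey()
	escrow := owner // assumption: the owner's key was archived at enrollment
	ef, err := Encrypt([]byte("constructed sample: Q3 payroll"), &owner.PublicKey,
		map[string]*rsa.PublicKey{"DRA-Administrator": &agent.PublicKey})
	if err != nil {
		panic(err)
	}
	// From here on, assume the user's own copy of the private key is lost.
	byAgent, err := DecryptAsAgent(ef, "DRA-Administrator", agent)
	fmt.Printf("data recovery by agent: %q %v\n", byAgent, err)
	byEscrow, err := DecryptAsOwner(ef, escrow)
	fmt.Printf("data recovery after key recovery: %q %v\n", byEscrow, err)
	fmt.Println("both paths agree:", bytes.Equal(byAgent, byEscrow))
}
```

The design point the example makes concrete is that the two mechanisms differ only in which wrapped copy of the FEK is unwrapped: the recovery agent never learns the user's private key, whereas the escrow path exposes it and therefore everything ever encrypted to it. An agent whose name is not in the DRF, or the wrong private key for a given field, simply fails to decrypt.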
Keep the following in mind when you must decide upon the use of key or data recovery in a PKI:
- Data recovery is required when an organization needs access to the encrypted data independently of the user, or when its policy does not allow access to users' private keys.
- Key recovery is used when the organization's policy allows access to users' private keys (and possibly does not allow separate access to users' encrypted data).
- If neither access to the data nor access to private keys is allowed, then neither key recovery nor data recovery should be used.