Maintain secure continuity of access
Entrust Key Recovery Server (KRS) for Entrust Certificate Authority provides a secure secondary means of accessing the private keys used to encrypt information (the decryption keys a user needs to read data encrypted to them). It addresses the increasingly common challenge of maintaining continuity of access to encrypted information when the original private key can no longer be accessed.
Comply with the key recovery policies and models of the U.S. Department of Defense PKI, the Federal Common Policy, and more.
Enforce separation of roles, limit key recovery decisions to specific groups, and implement multi-party oversight and authorization.
Securely deliver keys to the Requestor in PKCS #12 format or onto hardware devices.
How It Works
- A Key Requestor requests one or more of a user’s keys
- The request is queued for Key Request Agent 1 (KRA1). An email notification is sent to all members of the KRA1 group and to other designated individuals, such as security officers or Legal, notifying them that a key recovery process has commenced.
- KRA1 retrieves and reviews the request to determine whether it’s appropriate and meets applicable policies and agency guidelines. KRA1 can then approve or reject the request, or allow it to expire.
- If approved by KRA1, an email notification is generated to alert Key Request Agent 2 (KRA2). KRA2 reviews the request to determine if it’s appropriate and meets applicable policies and agency guidelines. KRA2 can then approve or reject the request, or allow it to expire.
- If approved by both KRA1 and KRA2, the Requestor is notified that the request has been approved and the keys are ready for recovery. The Requestor may then recover the keys to an approved storage format (PKCS #12 or a hardware device, as noted above).
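The approval chain above is what "separation of roles" and "multi-party authorization" mean in practice, so here is an added Python model of it. This is an illustration written for this page, not Entrust's code or the product's API. The class and function names, the 24-hour request lifetime, the sample agents and the rule that a KRA member cannot review a request they submitted themselves are all assumptions chosen to make the rules from the list above enforceable and testable.

```python
"""Dual-control key recovery approval (illustrative model, not Entrust code)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum


class State(Enum):
    PENDING_KRA1 = "pending_kra1"
    PENDING_KRA2 = "pending_kra2"
    APPROVED = "approved"
    REJECTED = "rejected"
    EXPIRED = "expired"


class PolicyViolation(Exception):
    """Raised when an action would break role separation or stage ordering."""


@dataclass
class RecoveryRequest:
    request_id: int
    requestor: str
    subject: str                  # user whose keys are being recovered
    key_ids: tuple
    expires: datetime             # assumed: unreviewed requests lapse after a TTL
    state: State = State.PENDING_KRA1
    approvals: list = field(default_factory=list)   # (stage, agent, when)
    notices: list = field(default_factory=list)     # (recipient, message)


class KeyRecoveryWorkflow:
    """Two-stage approval: KRA1 group, then KRA2 group, then release to requestor."""

    def __init__(self, kra1_group, kra2_group, observers=(), ttl=timedelta(hours=24)):
        self.kra1, self.kra2 = frozenset(kra1_group), frozenset(kra2_group)
        self.observers, self.ttl = tuple(observers), ttl
        self.requests, self._next_id = {}, 1

    @staticmethod
    def _notify(req, recipients, message):
        req.notices.extend((r, message) for r in recipients)

    def submit(self, requestor, subject, key_ids, now):
        req = RecoveryRequest(self._next_id, requestor, subject, tuple(key_ids), now + self.ttl)
        self._next_id += 1
        self.requests[req.request_id] = req
        # Queue for KRA1: notify the whole KRA1 group plus observers (security, Legal).
        self._notify(req, sorted(self.kra1) + list(self.observers),
                     f"recovery #{req.request_id} of {subject}'s keys started by {requestor}")
        return req

    def decide(self, request_id, agent, approve, now):
        req = self.requests[request_id]
        if req.state in (State.PENDING_KRA1, State.PENDING_KRA2) and now >= req.expires:
            req.state = State.EXPIRED          # "allow it to expire"
        if req.state not in (State.PENDING_KRA1, State.PENDING_KRA2):
            raise PolicyViolation(f"request #{request_id} is {req.state.value}; no decision possible")
        stage, group = ("KRA1", self.kra1) if req.state is State.PENDING_KRA1 else ("KRA2", self.kra2)
        if agent not in group:
            raise PolicyViolation(f"{agent} is not a member of {stage}")
        # Separation of roles: no self-review, and no one person acting as both agents.
        if agent == req.requestor:
            raise PolicyViolation(f"{agent} cannot review their own request")
        if any(agent == a for _, a, _ in req.approvals):
            raise PolicyViolation(f"{agent} already approved an earlier stage")
        if not approve:
            req.state = State.REJECTED
            self._notify(req, [req.requestor], f"request #{request_id} rejected at {stage}")
            return req.state
        req.approvals.append((stage, agent, now))
        if stage == "KRA1":
            req.state = State.PENDING_KRA2
            self._notify(req, sorted(self.kra2), f"request #{request_id} passed KRA1; KRA2 review needed")
        else:
            req.state = State.APPROVED
            self._notify(req, [req.requestor], f"request #{request_id} approved; keys ready for recovery")
        return req.state

    def release(self, request_id, requestor):
        """Hand the key identifiers only to the original requestor of a fully approved request."""
        req = self.requests[request_id]
        if req.state is not State.APPROVED or requestor != req.requestor:
            raise PolicyViolation(f"request #{request_id} not releasable to {requestor}")
        return req.key_ids


def demo():
    """Run the happy path and four policy violations on constructed sample data."""
    def violates(fn, *args):
        try:
            fn(*args)
        except PolicyViolation:
            return True
        return False

    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    wf = KeyRecoveryWorkflow({"alice", "bob"}, {"bob", "carol"}, observers=("legal@example.com",))
    out = {}
    req = wf.submit("dave", "erin", ["erin-enc-2023"], t0)
    out["notified_on_submit"] = sorted({r for r, _ in req.notices})
    out["after_kra1"] = wf.decide(req.request_id, "alice", True, t0 + timedelta(hours=1)).value
    out["after_kra2"] = wf.decide(req.request_id, "carol", True, t0 + timedelta(hours=2)).value
    out["released"] = wf.release(req.request_id, "dave")
    r2 = wf.submit("dave", "erin", ["erin-enc-2023"], t0)     # bob is in both groups ...
    wf.decide(r2.request_id, "bob", True, t0)
    out["same_agent_twice"] = violates(wf.decide, r2.request_id, "bob", True, t0)  # ... but not twice
    r3 = wf.submit("alice", "erin", ["erin-enc-2023"], t0)
    out["self_review"] = violates(wf.decide, r3.request_id, "alice", True, t0)
    r4 = wf.submit("dave", "erin", ["erin-enc-2023"], t0)
    out["late_decision"] = violates(wf.decide, r4.request_id, "alice", True, t0 + timedelta(days=2))
    out["late_state"] = r4.state.value
    out["wrong_recipient"] = violates(wf.release, req.request_id, "mallory")
    return out


if __name__ == "__main__":
    print(demo())
```

The design point worth noting: membership in both KRA groups does not let one person clear both stages, and a requestor who is also an agent cannot act on their own request. Those two checks, plus the expiry, are what turn a two-step email workflow into actual multi-party control; an implementation that only checks group membership at each stage would silently allow a single well-placed insider to recover keys alone.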