Hi The procedures will be defined later. I want to know if it is technically possible to have a key recovery option with Open CA.
Thes usage of it : being able to recover an encrypted document should an employee leave, or disappear. Has anybody done this before ??? Thanks -----Message d'origine----- De : Massimiliano Pala [mailto:[EMAIL PROTECTED]] Envoy� : vendredi 26 juillet 2002 20:23 � : '[EMAIL PROTECTED]' Objet : Re: [Openca-Users] Private key backup. LE CORVIC Y InfoEdpEtcDep wrote: > Hi Hi, > We are currently working on a prototype of PKI. So are we ... :-D > I would like to know a couple of things : > > - Is it possible to generate the first keypairs directly on tokens to give > the users without them having to do anything ? This would be useful to get > them started swiftly. It depends on what do you mean by it. If you mean the token to be initialized within your organization and then the user simply come and get it the answer is : it depends on the policy you are referring to. You have to keep in mind (and many forget this) that the PKI is based on a trust path between the user and the CA. You can do whatever you want to but it MUST be clear what you are going to do in your policies and that document should be available to everyone. Usually you want to register your own OID for your organization to reference it within the certificates. > - Is there a way to backup private keys from tokens used by users ? If the tokens allows to backup keys, yes. But frankly I really would discourage it because of the fact that the more copies of the keys there will be, the more the chances for the cracker to come in touch with it. Anyway it depends on the usage you issue the certificates for. Also it depends on what it is written in your policies. > - Is there a way for users to just send a certificate request without them > generating the key pair ? Yes, make them simply fill in a simple form... in OpenCA, actually there is not this possibility but it could be possible to add it into the wishlist. -- C'you, Massimiliano Pala --o------------------------------------------------------------------------- Massimiliano Pala [OpenCA Project Manager] [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.openca.org Tel.: +39 (0)59 270 094 http://openca.sourceforge.net Mobile: +39 (0)347 7222 365 ************************************************************************* Ce message et toutes les pi�ces jointes (ci-apr�s le "message") sont confidentiels et �tablis � l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autoris�e est interdite. Tout message �lectronique est susceptible d'alt�ration. La SOCIETE GENERALE et ses filiales d�clinent toute responsabilit� au titre de ce message s'il a �t� alt�r�, d�form� ou falsifi�. ******** This message and any attachments (the "message") are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. E-mails are susceptible to alteration. Neither SOCIETE GENERALE nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified. ************************************************************************* ------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code1 _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
