If an Encipherment Certificate Holder’s Private Key is lost, a person, organisation and businesses must still be able to recover data that the person/employee had encrypted before, which can only be done by recovering the Encipherment Private Key. Reasons for key recovery may include a person/employee forgetting a password to unlock an encrypted file, the resignation/unavailability of an employee who has encrypted some information, or someone attempting to hide criminal activity from law enforcement officials. To ensure the ability to recover encrypted data, Encipherment Private Keys must be backed up and stored securely.
Note, however, that Signing Keys, i.e., keys used for Electronic Signatures, should not be backed up (in the case of Qualified Certificate, the Private Key cannot be backed up in any ways), since doing so prevents from ensuring Non-Repudiation. If anyone other than a particular holder has a copy of a Signing Key, then that holder can claim that someone else supplied the signature on a contested document. If a holder loses a Signing Key, a new key and associated certificate can be easily generated.
The Encipherment Private Key Recovery Service can only be taken place in the MPKI Control Centre using the Onsite Administrator Certificate and the RAO Client Administrator Certificate simultaneously. To retrieve the Private Encryption Key, our authorized staff will perform the following under a dual control.
- The MPKI administrator logs into the MPKI Control Centre with the Onsite Administrator Certificate and select the Encipherment Certificate to be retrieved
- The MPKI administrator should verify the certificate details before approval of the Key Recovery
- The MPKI administrator approves the Key Recovery of the selected Encipherment Certificate
- The MPKI RAO logs into the MPKI Control Centre and continue the Key Recovery of the Encipherment Certificate
- A file contained the Private Encryption Key will be generated once the Key Recovery process is done. The certificate holder can store the file in a floppy diskette and record the password of the file.
- The Encipherment Private Key Recovery Service is done.
For a nominal fee, eSignTrust provides an Encipherment Private Key Recovery Service that will enable the holder of an eSignTrust Encipherment Certificate to securely retrieve his/her Private Encryption Key in the event of loss, misplacement or unavailability of the Private Key.
Please refer to our Pricing Table for details.
Please Contact Us for additional information.